/src/wireshark/epan/dissectors/packet-gquic.c
Line | Count | Source |
1 | | /* packet-gquic.c |
2 | | * Routines for (Google) Quick UDP Internet Connections dissection |
3 | | * Copyright 2013, Alexis La Goutte <alexis.lagoutte at gmail dot com> |
4 | | * |
5 | | * Wireshark - Network traffic analyzer |
6 | | * By Gerald Combs <gerald@wireshark.org> |
7 | | * Copyright 1998 Gerald Combs |
8 | | * |
9 | | * SPDX-License-Identifier: GPL-2.0-or-later |
10 | | */ |
11 | | |
12 | | /* |
13 | | QUIC Wire Layout Specification : https://docs.google.com/document/d/1WJvyZflAO2pq77yOLbp9NsGjC1CHetAXV8I0fQe-B_U/ |
14 | | |
15 | | QUIC Crypto : https://docs.google.com/document/d/1g5nIXAIkN_Y-7XJW5K45IblHd_L2f5LTaDUDwvZ5L6g/ |
16 | | |
17 | | QUIC source code in Chromium : https://code.google.com/p/chromium/codesearch#chromium/src/net/quic/quic_utils.h&sq=package:chromium |
18 | | |
19 | | */ |
20 | | #include "config.h" |
21 | | |
22 | | #include <epan/packet.h> |
23 | | #include <epan/prefs.h> |
24 | | #include <epan/expert.h> |
25 | | #include <epan/conversation.h> |
26 | | #include <epan/tfs.h> |
27 | | #include "packet-http2.h" |
28 | | #include "packet-quic.h" |
29 | | #include <wsutil/strtoi.h> |
30 | | |
31 | | void proto_register_gquic(void); |
32 | | void proto_reg_handoff_gquic(void); |
33 | | |
34 | | static dissector_handle_t gquic_handle; |
35 | | static dissector_handle_t tls13_handshake_handle; |
36 | | static dissector_handle_t quic_handle; |
37 | | |
38 | | static int proto_gquic; |
39 | | static int hf_gquic_header_form; |
40 | | static int hf_gquic_fixed_bit; |
41 | | static int hf_gquic_long_packet_type; |
42 | | static int hf_gquic_long_reserved; |
43 | | static int hf_gquic_packet_number_length; |
44 | | static int hf_gquic_dcil; |
45 | | static int hf_gquic_scil; |
46 | | static int hf_gquic_puflags; |
47 | | static int hf_gquic_puflags_vrsn; |
48 | | static int hf_gquic_puflags_rst; |
49 | | static int hf_gquic_puflags_dnonce; |
50 | | static int hf_gquic_puflags_cid; |
51 | | static int hf_gquic_puflags_cid_old; |
52 | | static int hf_gquic_puflags_pkn; |
53 | | static int hf_gquic_puflags_mpth; |
54 | | static int hf_gquic_puflags_rsv; |
55 | | static int hf_gquic_cid; |
56 | | static int hf_gquic_version; |
57 | | static int hf_gquic_diversification_nonce; |
58 | | static int hf_gquic_packet_number; |
59 | | static int hf_gquic_prflags; |
60 | | static int hf_gquic_prflags_entropy; |
61 | | static int hf_gquic_prflags_fecg; |
62 | | static int hf_gquic_prflags_fec; |
63 | | static int hf_gquic_prflags_rsv; |
64 | | static int hf_gquic_message_authentication_hash; |
65 | | static int hf_gquic_frame; |
66 | | static int hf_gquic_frame_type; |
67 | | static int hf_gquic_frame_type_padding_length; |
68 | | static int hf_gquic_frame_type_padding; |
69 | | static int hf_gquic_frame_type_rsts_stream_id; |
70 | | static int hf_gquic_frame_type_rsts_byte_offset; |
71 | | static int hf_gquic_frame_type_rsts_error_code; |
72 | | static int hf_gquic_frame_type_cc_error_code; |
73 | | static int hf_gquic_frame_type_cc_reason_phrase_length; |
74 | | static int hf_gquic_frame_type_cc_reason_phrase; |
75 | | static int hf_gquic_frame_type_goaway_error_code; |
76 | | static int hf_gquic_frame_type_goaway_last_good_stream_id; |
77 | | static int hf_gquic_frame_type_goaway_reason_phrase_length; |
78 | | static int hf_gquic_frame_type_goaway_reason_phrase; |
79 | | static int hf_gquic_frame_type_wu_stream_id; |
80 | | static int hf_gquic_frame_type_wu_byte_offset; |
81 | | static int hf_gquic_frame_type_blocked_stream_id; |
82 | | static int hf_gquic_frame_type_sw_send_entropy; |
83 | | static int hf_gquic_frame_type_sw_least_unacked_delta; |
84 | | static int hf_gquic_crypto_offset; |
85 | | static int hf_gquic_crypto_length; |
86 | | static int hf_gquic_crypto_crypto_data; |
87 | | static int hf_gquic_frame_type_stream; |
88 | | static int hf_gquic_frame_type_stream_f; |
89 | | static int hf_gquic_frame_type_stream_d; |
90 | | static int hf_gquic_frame_type_stream_ooo; |
91 | | static int hf_gquic_frame_type_stream_ss; |
92 | | /* ACK */ |
93 | | static int hf_gquic_frame_type_ack; |
94 | | static int hf_gquic_frame_type_ack_n; |
95 | | static int hf_gquic_frame_type_ack_u; |
96 | | static int hf_gquic_frame_type_ack_t; |
97 | | static int hf_gquic_frame_type_ack_ll; |
98 | | static int hf_gquic_frame_type_ack_mm; |
99 | | /* ACK Before Q034 */ |
100 | | static int hf_gquic_frame_type_ack_received_entropy; |
101 | | static int hf_gquic_frame_type_ack_largest_observed; |
102 | | static int hf_gquic_frame_type_ack_ack_delay_time; |
103 | | static int hf_gquic_frame_type_ack_num_timestamp; |
104 | | static int hf_gquic_frame_type_ack_delta_largest_observed; |
105 | | static int hf_gquic_frame_type_ack_first_timestamp; |
106 | | static int hf_gquic_frame_type_ack_time_since_previous_timestamp; |
107 | | static int hf_gquic_frame_type_ack_num_ranges; |
108 | | static int hf_gquic_frame_type_ack_missing_packet; |
109 | | static int hf_gquic_frame_type_ack_range_length; |
110 | | static int hf_gquic_frame_type_ack_num_revived; |
111 | | static int hf_gquic_frame_type_ack_revived_packet; |
112 | | /* ACK After Q034 */ |
113 | | static int hf_gquic_frame_type_ack_largest_acked; |
114 | | static int hf_gquic_frame_type_ack_largest_acked_delta_time; |
115 | | static int hf_gquic_frame_type_ack_num_blocks; |
116 | | static int hf_gquic_frame_type_ack_first_ack_block_length; |
117 | | static int hf_gquic_frame_type_ack_gap_to_next_block; |
118 | | static int hf_gquic_frame_type_ack_ack_block_length; |
119 | | static int hf_gquic_frame_type_ack_delta_largest_acked; |
120 | | static int hf_gquic_frame_type_ack_time_since_largest_acked; |
121 | | static int hf_gquic_stream_id; |
122 | | static int hf_gquic_offset; |
123 | | static int hf_gquic_data_len; |
124 | | static int hf_gquic_tag; |
125 | | static int hf_gquic_tags; |
126 | | static int hf_gquic_tag_number; |
127 | | static int hf_gquic_tag_value; |
128 | | static int hf_gquic_tag_type; |
129 | | static int hf_gquic_tag_offset_end; |
130 | | static int hf_gquic_tag_length; |
131 | | static int hf_gquic_tag_sni; |
132 | | static int hf_gquic_tag_pad; |
133 | | static int hf_gquic_tag_ver; |
134 | | static int hf_gquic_tag_ccs; |
135 | | static int hf_gquic_tag_pdmd; |
136 | | static int hf_gquic_tag_uaid; |
137 | | static int hf_gquic_tag_stk; |
138 | | static int hf_gquic_tag_sno; |
139 | | static int hf_gquic_tag_prof; |
140 | | static int hf_gquic_tag_scfg; |
141 | | static int hf_gquic_tag_scfg_number; |
142 | | static int hf_gquic_tag_rrej; |
143 | | static int hf_gquic_tag_crt; |
144 | | static int hf_gquic_tag_aead; |
145 | | static int hf_gquic_tag_scid; |
146 | | static int hf_gquic_tag_pubs; |
147 | | static int hf_gquic_tag_kexs; |
148 | | static int hf_gquic_tag_obit; |
149 | | static int hf_gquic_tag_expy; |
150 | | static int hf_gquic_tag_nonc; |
151 | | static int hf_gquic_tag_mspc; |
152 | | static int hf_gquic_tag_tcid; |
153 | | static int hf_gquic_tag_srbf; |
154 | | static int hf_gquic_tag_icsl; |
155 | | static int hf_gquic_tag_scls; |
156 | | static int hf_gquic_tag_copt; |
157 | | static int hf_gquic_tag_ccrt; |
158 | | static int hf_gquic_tag_irtt; |
159 | | static int hf_gquic_tag_cfcw; |
160 | | static int hf_gquic_tag_sfcw; |
161 | | static int hf_gquic_tag_cetv; |
162 | | static int hf_gquic_tag_xlct; |
163 | | static int hf_gquic_tag_nonp; |
164 | | static int hf_gquic_tag_csct; |
165 | | static int hf_gquic_tag_ctim; |
166 | | static int hf_gquic_tag_mids; |
167 | | static int hf_gquic_tag_fhol; |
168 | | static int hf_gquic_tag_sttl; |
169 | | static int hf_gquic_tag_smhl; |
170 | | static int hf_gquic_tag_tbkp; |
171 | | static int hf_gquic_tag_mad0; |
172 | | static int hf_gquic_tag_qlve; |
173 | | static int hf_gquic_tag_cgst; |
174 | | static int hf_gquic_tag_epid; |
175 | | static int hf_gquic_tag_srst; |
176 | | |
177 | | /* Public Reset Tags */ |
178 | | static int hf_gquic_tag_rnon; |
179 | | static int hf_gquic_tag_rseq; |
180 | | static int hf_gquic_tag_cadr_addr_type; |
181 | | static int hf_gquic_tag_cadr_addr_ipv4; |
182 | | static int hf_gquic_tag_cadr_addr_ipv6; |
183 | | static int hf_gquic_tag_cadr_addr; |
184 | | static int hf_gquic_tag_cadr_port; |
185 | | |
186 | | static int hf_gquic_tag_unknown; |
187 | | |
188 | | static int hf_gquic_padding; |
189 | | static int hf_gquic_stream_data; |
190 | | static int hf_gquic_payload; |
191 | | |
192 | | #define QUIC_PORT_RANGE "80,443" |
193 | | static bool g_gquic_debug; |
194 | | |
195 | | static int ett_gquic; |
196 | | static int ett_gquic_puflags; |
197 | | static int ett_gquic_prflags; |
198 | | static int ett_gquic_ft; |
199 | | static int ett_gquic_ftflags; |
200 | | static int ett_gquic_tag_value; |
201 | | |
202 | | static expert_field ei_gquic_tag_undecoded; |
203 | | static expert_field ei_gquic_tag_length; |
204 | | static expert_field ei_gquic_tag_unknown; |
205 | | static expert_field ei_gquic_version_invalid; |
206 | | static expert_field ei_gquic_invalid_parameter; |
207 | | static expert_field ei_gquic_length_invalid; |
208 | | static expert_field ei_gquic_data_invalid; |
209 | | |
210 | | static const value_string gquic_short_long_header_vals[] = { |
211 | | { 0, "Short Header" }, |
212 | | { 1, "Long Header" }, |
213 | | { 0, NULL } |
214 | | }; |
215 | | static const value_string gquic_long_packet_type_vals[] = { |
216 | | { 0, "Initial" }, |
217 | | { 2, "Handshake" }, |
218 | | { 1, "0-RTT" }, |
219 | | { 0, NULL } |
220 | | }; |
221 | | static const value_string gquic_packet_number_lengths[] = { |
222 | | { 0, "1 bytes" }, |
223 | | { 1, "2 bytes" }, |
224 | | { 2, "3 bytes" }, |
225 | | { 3, "4 bytes" }, |
226 | | { 0, NULL } |
227 | | }; |
228 | | static const value_string quic_cid_lengths[] = { |
229 | | { 0, "0 bytes" }, |
230 | | { 5, "8 bytes" }, |
231 | | { 0, NULL } |
232 | | }; |
233 | | |
234 | 0 | #define GQUIC_MIN_LENGTH 3 |
235 | 176 | #define GQUIC_MAGIC2 0x513032 |
236 | 176 | #define GQUIC_MAGIC3 0x513033 |
237 | 88 | #define GQUIC_MAGIC4 0x513034 |
238 | | |
239 | 137 | #define GQUIC_VERSION_Q046 0x51303436 |
240 | | |
241 | | /**************************************************************************/ |
242 | | /* Public Flags */ |
243 | | /**************************************************************************/ |
244 | 419 | #define PUFLAGS_VRSN 0x01 |
245 | 14 | #define PUFLAGS_RST 0x02 |
246 | 14 | #define PUFLAGS_DNONCE 0x04 |
247 | 181 | #define PUFLAGS_CID 0x08 |
248 | 14 | #define PUFLAGS_CID_OLD 0x0C |
249 | 14 | #define PUFLAGS_PKN 0x30 |
250 | 1.60k | #define PUFLAGS_MPTH 0x40 |
251 | 1.86k | #define PUFLAGS_RSV 0x80 |
252 | | |
253 | | static const true_false_string puflags_cid_tfs = { |
254 | | "8 Bytes", |
255 | | "0 Byte" |
256 | | }; |
257 | | |
258 | | static const value_string puflags_cid_old_vals[] = { |
259 | | { 0, "0 Byte" }, |
260 | | { 1, "1 Bytes" }, |
261 | | { 2, "4 Bytes" }, |
262 | | { 3, "8 Bytes" }, |
263 | | { 0, NULL } |
264 | | }; |
265 | | |
266 | | static const value_string puflags_pkn_vals[] = { |
267 | | { 0, "1 Byte" }, |
268 | | { 1, "2 Bytes" }, |
269 | | { 2, "4 Bytes" }, |
270 | | { 3, "6 Bytes" }, |
271 | | { 0, NULL } |
272 | | }; |
273 | | |
274 | | /**************************************************************************/ |
275 | | /* Private Flags */ |
276 | | /**************************************************************************/ |
277 | 14 | #define PRFLAGS_ENTROPY 0x01 |
278 | 14 | #define PRFLAGS_FECG 0x02 |
279 | 14 | #define PRFLAGS_FEC 0x04 |
280 | 14 | #define PRFLAGS_RSV 0xF8 |
281 | | |
282 | | |
283 | | /**************************************************************************/ |
284 | | /* Frame Type Regular */ |
285 | | /**************************************************************************/ |
286 | 0 | #define FT_PADDING 0x00 |
287 | 0 | #define FT_RST_STREAM 0x01 |
288 | 0 | #define FT_CONNECTION_CLOSE 0x02 |
289 | 0 | #define FT_GOAWAY 0x03 |
290 | 0 | #define FT_WINDOW_UPDATE 0x04 |
291 | 0 | #define FT_BLOCKED 0x05 |
292 | 0 | #define FT_STOP_WAITING 0x06 |
293 | 0 | #define FT_PING 0x07 |
294 | | /* CRYPTO is not a real GQUIC frame, but a QUIC one. Since some GQUIC flows |
295 | | * have this kind of frame, try handling it like all the others */ |
296 | 0 | #define FT_CRYPTO 0x08 |
297 | | |
298 | | /**************************************************************************/ |
299 | | /* Frame Type Special */ |
300 | | /**************************************************************************/ |
301 | 0 | #define FTFLAGS_SPECIAL 0xE0 |
302 | | |
303 | 14 | #define FTFLAGS_STREAM 0x80 |
304 | 14 | #define FTFLAGS_STREAM_F 0x40 |
305 | 14 | #define FTFLAGS_STREAM_D 0x20 |
306 | 14 | #define FTFLAGS_STREAM_OOO 0x1C |
307 | 14 | #define FTFLAGS_STREAM_SS 0x03 |
308 | | |
309 | 14 | #define FTFLAGS_ACK 0x40 |
310 | 14 | #define FTFLAGS_ACK_N 0x20 |
311 | 14 | #define FTFLAGS_ACK_U 0x10 |
312 | 14 | #define FTFLAGS_ACK_T 0x10 |
313 | 14 | #define FTFLAGS_ACK_LL 0x0C |
314 | 14 | #define FTFLAGS_ACK_MM 0x03 |
315 | | |
316 | | static const range_string frame_type_vals[] = { |
317 | | { 0,0, "PADDING" }, |
318 | | { 1,1, "RST_STREAM" }, |
319 | | { 2,2, "CONNECTION_CLOSE" }, |
320 | | { 3,3, "GOAWAY" }, |
321 | | { 4,4, "WINDOW_UPDATE" }, |
322 | | { 5,5, "BLOCKED" }, |
323 | | { 6,6, "STOP_WAITING" }, |
324 | | { 7,7, "PING" }, |
325 | | { 8,8, "CRYPTO" }, |
326 | | { 9,31, "Unknown" }, |
327 | | { 32,63, "CONGESTION_FEEDBACK (Special Frame Type)" }, |
328 | | { 64,127, "ACK (Special Frame Type)" }, |
329 | | { 128,256, "STREAM (Special Frame Type)" }, |
330 | | { 0,0, NULL } |
331 | | }; |
332 | | |
333 | | static const value_string len_offset_vals[] = { |
334 | | { 0, "0 Byte" }, |
335 | | { 1, "2 Bytes" }, |
336 | | { 2, "3 Bytes" }, |
337 | | { 3, "4 Bytes" }, |
338 | | { 4, "5 Bytes" }, |
339 | | { 5, "6 Bytes" }, |
340 | | { 6, "7 Bytes" }, |
341 | | { 7, "8 Bytes" }, |
342 | | { 0, NULL } |
343 | | }; |
344 | | |
345 | | static const value_string len_stream_vals[] = { |
346 | | { 0, "1 Byte" }, |
347 | | { 1, "2 Bytes" }, |
348 | | { 2, "3 Bytes" }, |
349 | | { 3, "4 Bytes" }, |
350 | | { 0, NULL } |
351 | | }; |
352 | | |
353 | | static const true_false_string len_data_vals = { |
354 | | "2 Bytes", |
355 | | "0 Byte" |
356 | | }; |
357 | | |
358 | | static const value_string len_largest_observed_vals[] = { |
359 | | { 0, "1 Byte" }, |
360 | | { 1, "2 Bytes" }, |
361 | | { 2, "4 Bytes" }, |
362 | | { 3, "6 Bytes" }, |
363 | | { 0, NULL } |
364 | | }; |
365 | | |
366 | | static const value_string len_missing_packet_vals[] = { |
367 | | { 0, "1 Byte" }, |
368 | | { 1, "2 Bytes" }, |
369 | | { 2, "4 Bytes" }, |
370 | | { 3, "6 Bytes" }, |
371 | | { 0, NULL } |
372 | | }; |
373 | | |
374 | | |
375 | | /**************************************************************************/ |
376 | | /* Message tag */ |
377 | | /**************************************************************************/ |
378 | | |
379 | 0 | #define MTAG_CHLO 0x43484C4F |
380 | 0 | #define MTAG_SHLO 0x53484C4F |
381 | 0 | #define MTAG_REJ 0x52454A00 |
382 | | #define MTAG_PRST 0x50525354 |
383 | | |
384 | | static const value_string message_tag_vals[] = { |
385 | | { MTAG_CHLO, "Client Hello" }, |
386 | | { MTAG_SHLO, "Server Hello" }, |
387 | | { MTAG_REJ, "Rejection" }, |
388 | | { MTAG_PRST, "Public Reset" }, |
389 | | { 0, NULL } |
390 | | }; |
391 | | |
392 | | /**************************************************************************/ |
393 | | /* Tag */ |
394 | | /**************************************************************************/ |
395 | | /* See https://chromium.googlesource.com/chromium/src.git/+/master/net/third_party/quic/core/crypto/crypto_protocol.h */ |
396 | | |
397 | 0 | #define TAG_PAD 0x50414400 |
398 | 0 | #define TAG_SNI 0x534E4900 |
399 | 0 | #define TAG_VER 0x56455200 |
400 | 0 | #define TAG_CCS 0x43435300 |
401 | 0 | #define TAG_UAID 0x55414944 |
402 | 0 | #define TAG_PDMD 0x50444d44 |
403 | 0 | #define TAG_STK 0x53544b00 |
404 | 0 | #define TAG_SNO 0x534E4F00 |
405 | 0 | #define TAG_PROF 0x50524F46 |
406 | 0 | #define TAG_SCFG 0x53434647 |
407 | 0 | #define TAG_RREJ 0x5252454A |
408 | 0 | #define TAG_CRT 0x435254FF |
409 | 0 | #define TAG_AEAD 0x41454144 |
410 | 0 | #define TAG_SCID 0x53434944 |
411 | 0 | #define TAG_PUBS 0x50554253 |
412 | 0 | #define TAG_KEXS 0x4B455853 |
413 | 0 | #define TAG_OBIT 0x4F424954 |
414 | 0 | #define TAG_EXPY 0x45585059 |
415 | 0 | #define TAG_NONC 0x4E4F4E43 |
416 | 0 | #define TAG_MSPC 0x4D535043 |
417 | 0 | #define TAG_TCID 0x54434944 |
418 | 0 | #define TAG_SRBF 0x53524246 |
419 | 0 | #define TAG_ICSL 0x4943534C |
420 | 0 | #define TAG_SCLS 0x53434C53 |
421 | 0 | #define TAG_COPT 0x434F5054 |
422 | 0 | #define TAG_CCRT 0x43435254 |
423 | 0 | #define TAG_IRTT 0x49525454 |
424 | 0 | #define TAG_CFCW 0x43464357 |
425 | 0 | #define TAG_SFCW 0x53464357 |
426 | 0 | #define TAG_CETV 0x43455456 |
427 | 0 | #define TAG_XLCT 0x584C4354 |
428 | 0 | #define TAG_NONP 0x4E4F4E50 |
429 | 0 | #define TAG_CSCT 0x43534354 |
430 | 0 | #define TAG_CTIM 0x4354494D |
431 | 0 | #define TAG_MIDS 0x4D494453 |
432 | 0 | #define TAG_FHOL 0x46484F4C |
433 | 0 | #define TAG_STTL 0x5354544C |
434 | 0 | #define TAG_SMHL 0x534D484C |
435 | 0 | #define TAG_TBKP 0x54424B50 |
436 | 0 | #define TAG_MAD0 0x4d414400 |
437 | 0 | #define TAG_QLVE 0x514C5645 |
438 | 0 | #define TAG_CGST 0x43475354 |
439 | 0 | #define TAG_EPID 0x45504944 |
440 | 0 | #define TAG_SRST 0x53525354 |
441 | | |
442 | | /* Public Reset Tag */ |
443 | 0 | #define TAG_RNON 0x524E4F4E |
444 | 0 | #define TAG_RSEQ 0x52534551 |
445 | 0 | #define TAG_CADR 0x43414452 |
446 | | |
447 | | static const value_string tag_vals[] = { |
448 | | { TAG_PAD, "Padding" }, |
449 | | { TAG_SNI, "Server Name Indication" }, |
450 | | { TAG_VER, "Version" }, |
451 | | { TAG_CCS, "Common Certificate Sets" }, |
452 | | { TAG_UAID, "Client's User Agent ID" }, |
453 | | { TAG_PDMD, "Proof Demand" }, |
454 | | { TAG_STK, "Source Address Token" }, |
455 | | { TAG_SNO, "Server nonce" }, |
456 | | { TAG_PROF, "Proof (Signature)" }, |
457 | | { TAG_SCFG, "Server Config" }, |
458 | | { TAG_RREJ, "Reasons for server sending" }, |
459 | | { TAG_CRT, "Certificate chain" }, |
460 | | { TAG_AEAD, "Authenticated encryption algorithms" }, |
461 | | { TAG_SCID, "Server config ID" }, |
462 | | { TAG_PUBS, "Public value" }, |
463 | | { TAG_KEXS, "Key exchange algorithms" }, |
464 | | { TAG_OBIT, "Server Orbit" }, |
465 | | { TAG_EXPY, "Expiry" }, |
466 | | { TAG_NONC, "Client Nonce" }, |
467 | | { TAG_MSPC, "Max streams per connection" }, |
468 | | { TAG_TCID, "Connection ID truncation" }, |
469 | | { TAG_SRBF, "Socket receive buffer" }, |
470 | | { TAG_ICSL, "Idle connection state" }, |
471 | | { TAG_SCLS, "Silently close on timeout" }, |
472 | | { TAG_COPT, "Connection options" }, |
473 | | { TAG_CCRT, "Cached certificates" }, |
474 | | { TAG_IRTT, "Estimated initial RTT" }, |
475 | | { TAG_CFCW, "Initial session/connection" }, |
476 | | { TAG_SFCW, "Initial stream flow control" }, |
477 | | { TAG_CETV, "Client encrypted tag-value" }, |
478 | | { TAG_XLCT, "Expected leaf certificate" }, |
479 | | { TAG_NONP, "Client Proof Nonce" }, |
480 | | { TAG_CSCT, "Signed cert timestamp (RFC6962) of leaf cert" }, |
481 | | { TAG_CTIM, "Client Timestamp" }, |
482 | | { TAG_MIDS, "Max incoming dynamic streams" }, |
483 | | { TAG_FHOL, "Force Head Of Line blocking" }, |
484 | | { TAG_STTL, "Server Config TTL" }, |
485 | | { TAG_SMHL, "Support Max Header List (size)" }, |
486 | | { TAG_TBKP, "Token Binding Key Params" }, |
487 | | { TAG_MAD0, "Max Ack Delay (IETF QUIC)" }, |
488 | | { TAG_QLVE, "Legacy Version Encapsulation" }, |
489 | | { TAG_CGST, "Congestion Control Feedback Type" }, |
490 | | { TAG_EPID, "Endpoint Identifier" }, |
491 | | { TAG_SRST, "Stateless Reset Token" }, |
492 | | |
493 | | { TAG_RNON, "Public Reset Nonce Proof" }, |
494 | | { TAG_RSEQ, "Rejected Packet Number" }, |
495 | | { TAG_CADR, "Client Address" }, |
496 | | { 0, NULL } |
497 | | }; |
498 | | |
499 | | |
500 | | /**************************************************************************/ |
501 | | /* AEAD Tag */ |
502 | | /**************************************************************************/ |
503 | | |
504 | | #define AEAD_AESG 0x41455347 |
505 | | #define AEAD_S20P 0x53323050 |
506 | | #define AEAD_CC12 0x43433132 |
507 | | |
508 | | static const value_string tag_aead_vals[] = { |
509 | | { AEAD_AESG, "AES-GCM with a 12-byte tag and IV" }, |
510 | | { AEAD_S20P, "Salsa20 with Poly1305" }, |
511 | | { AEAD_CC12, "ChaCha12 with Poly1305" }, |
512 | | { 0, NULL } |
513 | | }; |
514 | | |
515 | | /**************************************************************************/ |
516 | | /* KEXS Tag */ |
517 | | /**************************************************************************/ |
518 | | |
519 | | #define KEXS_C255 0x43323535 |
520 | | #define KEXS_P256 0x50323536 |
521 | | |
522 | | static const value_string tag_kexs_vals[] = { |
523 | | { KEXS_C255, "Curve25519" }, |
524 | | { KEXS_P256, "P-256" }, |
525 | | { 0, NULL } |
526 | | }; |
527 | | |
528 | | /**************************************************************************/ |
529 | | /* Client Address Type */ |
530 | | /**************************************************************************/ |
531 | | |
532 | | static const value_string cadr_type_vals[] = { |
533 | | { 2, "IPv4" }, |
534 | | { 10, "IPv6" }, |
535 | | { 0, NULL } |
536 | | }; |
537 | | |
538 | | /**************************************************************************/ |
539 | | /* Error Code */ |
540 | | /**************************************************************************/ |
541 | | /* See https://chromium.googlesource.com/chromium/src.git/+/master/net/third_party/quic/core/quic_error_codes.h */ |
542 | | |
543 | | enum QuicErrorCode { |
544 | | QUIC_NO_ERROR = 0, |
545 | | /* Connection has reached an invalid state. */ |
546 | | QUIC_INTERNAL_ERROR = 1, |
547 | | /* There were data frames after the a fin or reset. */ |
548 | | QUIC_STREAM_DATA_AFTER_TERMINATION = 2, |
549 | | /* Control frame is malformed. */ |
550 | | QUIC_INVALID_PACKET_HEADER = 3, |
551 | | /* Frame data is malformed. */ |
552 | | QUIC_INVALID_FRAME_DATA = 4, |
553 | | /* The packet contained no payload. */ |
554 | | QUIC_MISSING_PAYLOAD = 48, |
555 | | /* FEC data is malformed. */ |
556 | | QUIC_INVALID_FEC_DATA = 5, |
557 | | /* STREAM frame data is malformed. */ |
558 | | QUIC_INVALID_STREAM_DATA = 46, |
559 | | /* STREAM frame data overlaps with buffered data. */ |
560 | | QUIC_OVERLAPPING_STREAM_DATA = 87, |
561 | | /* STREAM frame data is not encrypted. */ |
562 | | QUIC_UNENCRYPTED_STREAM_DATA = 61, |
563 | | /* Attempt to send unencrypted STREAM frame. */ |
564 | | QUIC_ATTEMPT_TO_SEND_UNENCRYPTED_STREAM_DATA = 88, |
565 | | /* Received a frame which is likely the result of memory corruption. */ |
566 | | QUIC_MAYBE_CORRUPTED_MEMORY = 89, |
567 | | /* FEC frame data is not encrypted. */ |
568 | | QUIC_UNENCRYPTED_FEC_DATA = 77, |
569 | | /* RST_STREAM frame data is malformed. */ |
570 | | QUIC_INVALID_RST_STREAM_DATA = 6, |
571 | | /* CONNECTION_CLOSE frame data is malformed. */ |
572 | | QUIC_INVALID_CONNECTION_CLOSE_DATA = 7, |
573 | | /* GOAWAY frame data is malformed. */ |
574 | | QUIC_INVALID_GOAWAY_DATA = 8, |
575 | | /* WINDOW_UPDATE frame data is malformed. */ |
576 | | QUIC_INVALID_WINDOW_UPDATE_DATA = 57, |
577 | | /* BLOCKED frame data is malformed. */ |
578 | | QUIC_INVALID_BLOCKED_DATA = 58, |
579 | | /* STOP_WAITING frame data is malformed. */ |
580 | | QUIC_INVALID_STOP_WAITING_DATA = 60, |
581 | | /* PATH_CLOSE frame data is malformed. */ |
582 | | QUIC_INVALID_PATH_CLOSE_DATA = 78, |
583 | | /* ACK frame data is malformed. */ |
584 | | QUIC_INVALID_ACK_DATA = 9, |
585 | | /* deprecated: */ |
586 | | QUIC_INVALID_CONGESTION_FEEDBACK_DATA = 47, |
587 | | /* Version negotiation packet is malformed. */ |
588 | | QUIC_INVALID_VERSION_NEGOTIATION_PACKET = 10, |
589 | | /* Public RST packet is malformed. */ |
590 | | QUIC_INVALID_PUBLIC_RST_PACKET = 11, |
591 | | /* There was an error decrypting. */ |
592 | | QUIC_DECRYPTION_FAILURE = 12, |
593 | | /* There was an error encrypting. */ |
594 | | QUIC_ENCRYPTION_FAILURE = 13, |
595 | | /* The packet exceeded kMaxPacketSize. */ |
596 | | QUIC_PACKET_TOO_LARGE = 14, |
597 | | /* Data was sent for a stream which did not exist. */ |
598 | | QUIC_PACKET_FOR_NONEXISTENT_STREAM = 15, |
599 | | /* The peer is going away. May be a client or server. */ |
600 | | QUIC_PEER_GOING_AWAY = 16, |
601 | | /* A stream ID was invalid. */ |
602 | | QUIC_INVALID_STREAM_ID = 17, |
603 | | /* A priority was invalid. */ |
604 | | QUIC_INVALID_PRIORITY = 49, |
605 | | /* Too many streams already open. */ |
606 | | QUIC_TOO_MANY_OPEN_STREAMS = 18, |
607 | | /* The peer created too many available streams. */ |
608 | | QUIC_TOO_MANY_AVAILABLE_STREAMS = 76, |
609 | | /* The peer must send a FIN/RST for each stream, and has not been doing so. */ |
610 | | QUIC_TOO_MANY_UNFINISHED_STREAMS = 66, |
611 | | /* Received public reset for this connection. */ |
612 | | QUIC_PUBLIC_RESET = 19, |
613 | | /* Invalid protocol version. */ |
614 | | QUIC_INVALID_VERSION = 20, |
615 | | /* deprecated: */ |
616 | | QUIC_STREAM_RST_BEFORE_HEADERS_DECOMPRESSED = 21, |
617 | | /* The Header ID for a stream was too far from the previous. */ |
618 | | QUIC_INVALID_HEADER_ID = 22, |
619 | | /* Negotiable parameter received during handshake had invalid value. */ |
620 | | QUIC_INVALID_NEGOTIATED_VALUE = 23, |
621 | | /* There was an error decompressing data. */ |
622 | | QUIC_DECOMPRESSION_FAILURE = 24, |
623 | | /* We hit our prenegotiated (or default) timeout */ |
624 | | QUIC_CONNECTION_TIMED_OUT = 25, |
625 | | /* We hit our overall connection timeout */ |
626 | | QUIC_CONNECTION_OVERALL_TIMED_OUT = 67, |
627 | | /* There was an error encountered migrating addresses */ |
628 | | QUIC_ERROR_MIGRATING_ADDRESS = 26, |
629 | | /* There was an error encountered migrating port only. */ |
630 | | QUIC_ERROR_MIGRATING_PORT = 86, |
631 | | /* There was an error while writing to the socket. */ |
632 | | QUIC_PACKET_WRITE_ERROR = 27, |
633 | | /* There was an error while reading from the socket. */ |
634 | | QUIC_PACKET_READ_ERROR = 51, |
635 | | /* We received a STREAM_FRAME with no data and no fin flag set. */ |
636 | | QUIC_INVALID_STREAM_FRAME = 50, |
637 | | /* We received invalid data on the headers stream. */ |
638 | | QUIC_INVALID_HEADERS_STREAM_DATA = 56, |
639 | | /* Invalid data on the headers stream received because of decompression failure. */ |
640 | | QUIC_HEADERS_STREAM_DATA_DECOMPRESS_FAILURE = 97, |
641 | | /* The peer received too much data, violating flow control. */ |
642 | | QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA = 59, |
643 | | /* The peer sent too much data, violating flow control. */ |
644 | | QUIC_FLOW_CONTROL_SENT_TOO_MUCH_DATA = 63, |
645 | | /* The peer received an invalid flow control window. */ |
646 | | QUIC_FLOW_CONTROL_INVALID_WINDOW = 64, |
647 | | /* The connection has been IP pooled into an existing connection. */ |
648 | | QUIC_CONNECTION_IP_POOLED = 62, |
649 | | /* The connection has too many outstanding sent packets. */ |
650 | | QUIC_TOO_MANY_OUTSTANDING_SENT_PACKETS = 68, |
651 | | /* The connection has too many outstanding received packets. */ |
652 | | QUIC_TOO_MANY_OUTSTANDING_RECEIVED_PACKETS = 69, |
653 | | /* The quic connection job to load server config is cancelled. */ |
654 | | QUIC_CONNECTION_CANCELLED = 70, |
655 | | /* Disabled QUIC because of high packet loss rate. */ |
656 | | QUIC_BAD_PACKET_LOSS_RATE = 71, |
657 | | /* Disabled QUIC because of too many PUBLIC_RESETs post handshake. */ |
658 | | QUIC_PUBLIC_RESETS_POST_HANDSHAKE = 73, |
659 | | /* Disabled QUIC because of too many timeouts with streams open. */ |
660 | | QUIC_TIMEOUTS_WITH_OPEN_STREAMS = 74, |
661 | | /* Closed because we failed to serialize a packet. */ |
662 | | QUIC_FAILED_TO_SERIALIZE_PACKET = 75, |
663 | | /* QUIC timed out after too many RTOs. */ |
664 | | QUIC_TOO_MANY_RTOS = 85, |
665 | | |
666 | | /* Crypto errors. */ |
667 | | /* Handshake failed. */ |
668 | | QUIC_HANDSHAKE_FAILED = 28, |
669 | | /* Handshake message contained out of order tags. */ |
670 | | QUIC_CRYPTO_TAGS_OUT_OF_ORDER = 29, |
671 | | /* Handshake message contained too many entries. */ |
672 | | QUIC_CRYPTO_TOO_MANY_ENTRIES = 30, |
673 | | /* Handshake message contained an invalid value length. */ |
674 | | QUIC_CRYPTO_INVALID_VALUE_LENGTH = 31, |
675 | | /* A crypto message was received after the handshake was complete. */ |
676 | | QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE = 32, |
677 | | /* A crypto message was received with an illegal message tag. */ |
678 | | QUIC_INVALID_CRYPTO_MESSAGE_TYPE = 33, |
679 | | /* A crypto message was received with an illegal parameter. */ |
680 | | QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER = 34, |
681 | | /* An invalid channel id signature was supplied. */ |
682 | | QUIC_INVALID_CHANNEL_ID_SIGNATURE = 52, |
683 | | /* A crypto message was received with a mandatory parameter missing. */ |
684 | | QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND = 35, |
685 | | /* A crypto message was received with a parameter that has no overlap |
686 | | with the local parameter. */ |
687 | | QUIC_CRYPTO_MESSAGE_PARAMETER_NO_OVERLAP = 36, |
688 | | /* A crypto message was received that contained a parameter with too few |
689 | | values. */ |
690 | | QUIC_CRYPTO_MESSAGE_INDEX_NOT_FOUND = 37, |
691 | | /* A demand for an unsupport proof type was received. */ |
692 | | QUIC_UNSUPPORTED_PROOF_DEMAND = 94, |
693 | | /* An internal error occurred in crypto processing. */ |
694 | | QUIC_CRYPTO_INTERNAL_ERROR = 38, |
695 | | /* A crypto handshake message specified an unsupported version. */ |
696 | | QUIC_CRYPTO_VERSION_NOT_SUPPORTED = 39, |
697 | | /* A crypto handshake message resulted in a stateless reject. */ |
698 | | QUIC_CRYPTO_HANDSHAKE_STATELESS_REJECT = 72, |
699 | | /* There was no intersection between the crypto primitives supported by the |
700 | | peer and ourselves. */ |
701 | | QUIC_CRYPTO_NO_SUPPORT = 40, |
702 | | /* The server rejected our client hello messages too many times. */ |
703 | | QUIC_CRYPTO_TOO_MANY_REJECTS = 41, |
704 | | /* The client rejected the server's certificate chain or signature. */ |
705 | | QUIC_PROOF_INVALID = 42, |
706 | | /* A crypto message was received with a duplicate tag. */ |
707 | | QUIC_CRYPTO_DUPLICATE_TAG = 43, |
708 | | /* A crypto message was received with the wrong encryption level (i.e. it |
709 | | should have been encrypted but was not. ) */ |
710 | | QUIC_CRYPTO_ENCRYPTION_LEVEL_INCORRECT = 44, |
711 | | /* The server config for a server has expired. */ |
712 | | QUIC_CRYPTO_SERVER_CONFIG_EXPIRED = 45, |
713 | | /* We failed to setup the symmetric keys for a connection. */ |
714 | | QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED = 53, |
715 | | /* A handshake message arrived, but we are still validating the |
716 | | previous handshake message. */ |
717 | | QUIC_CRYPTO_MESSAGE_WHILE_VALIDATING_CLIENT_HELLO = 54, |
718 | | /* A server config update arrived before the handshake is complete. */ |
719 | | QUIC_CRYPTO_UPDATE_BEFORE_HANDSHAKE_COMPLETE = 65, |
720 | | /* CHLO cannot fit in one packet. */ |
721 | | QUIC_CRYPTO_CHLO_TOO_LARGE = 90, |
722 | | /* This connection involved a version negotiation which appears to have been |
723 | | tampered with. */ |
724 | | QUIC_VERSION_NEGOTIATION_MISMATCH = 55, |
725 | | |
726 | | /* Multipath is not enabled, but a packet with multipath flag on is received. */ |
727 | | QUIC_BAD_MULTIPATH_FLAG = 79, |
728 | | /* A path is supposed to exist but does not. */ |
729 | | QUIC_MULTIPATH_PATH_DOES_NOT_EXIST = 91, |
730 | | /* A path is supposed to be active but is not. */ |
731 | | QUIC_MULTIPATH_PATH_NOT_ACTIVE = 92, |
732 | | |
733 | | /* IP address changed causing connection close. */ |
734 | | QUIC_IP_ADDRESS_CHANGED = 80, |
735 | | |
736 | | /* Connection migration errors. */ |
737 | | /* Network changed, but connection had no migratable streams. */ |
738 | | QUIC_CONNECTION_MIGRATION_NO_MIGRATABLE_STREAMS = 81, |
739 | | /* Connection changed networks too many times. */ |
740 | | QUIC_CONNECTION_MIGRATION_TOO_MANY_CHANGES = 82, |
741 | | /* Connection migration was attempted, but there was no new network to migrate to. */ |
742 | | QUIC_CONNECTION_MIGRATION_NO_NEW_NETWORK = 83, |
743 | | /* Network changed, but connection had one or more non-migratable streams. */ |
744 | | QUIC_CONNECTION_MIGRATION_NON_MIGRATABLE_STREAM = 84, |
745 | | /* Network changed, but connection migration was disabled by config. */ |
746 | | QUIC_CONNECTION_MIGRATION_DISABLED_BY_CONFIG = 99, |
747 | | /* Network changed, but error was encountered on the alternative network. */ |
748 | | QUIC_CONNECTION_MIGRATION_INTERNAL_ERROR = 100, |
749 | | |
750 | | /* Stream frames arrived too discontiguously so that stream sequencer buffer maintains too many gaps. */ |
751 | | QUIC_TOO_MANY_FRAME_GAPS = 93, |
752 | | |
753 | | /* Sequencer buffer get into weird state where continuing read/write will lead |
754 | | to crash. */ |
755 | | QUIC_STREAM_SEQUENCER_INVALID_STATE = 95, |
756 | | /* Connection closed because of server hits max number of sessions allowed. */ |
757 | | QUIC_TOO_MANY_SESSIONS_ON_SERVER = 96, |
758 | | |
759 | | /* Receive a RST_STREAM with offset larger than kMaxStreamLength. */ |
760 | | QUIC_STREAM_LENGTH_OVERFLOW = 98, |
761 | | |
762 | | /* No error. Used as bound while iterating. */ |
763 | | QUIC_LAST_ERROR = 101 |
764 | | }; |
765 | | |
766 | | |
767 | | static const value_string error_code_vals[] = { |
768 | | { QUIC_NO_ERROR, "There was no error" }, |
769 | | { QUIC_INTERNAL_ERROR, "Connection has reached an invalid state" }, |
770 | | { QUIC_STREAM_DATA_AFTER_TERMINATION, "There were data frames after the a fin or reset" }, |
771 | | { QUIC_INVALID_PACKET_HEADER, "Control frame is malformed" }, |
772 | | { QUIC_INVALID_FRAME_DATA, "Frame data is malformed" }, |
773 | | { QUIC_INVALID_FEC_DATA, "FEC data is malformed" }, |
774 | | { QUIC_INVALID_RST_STREAM_DATA, "RST_STREAM frame data is malformed" }, |
775 | | { QUIC_INVALID_CONNECTION_CLOSE_DATA, "CONNECTION_CLOSE frame data is malformed" }, |
776 | | { QUIC_INVALID_GOAWAY_DATA, "GOAWAY frame data is malformed" }, |
777 | | { QUIC_INVALID_ACK_DATA, "ACK frame data is malformed" }, |
778 | | { QUIC_INVALID_VERSION_NEGOTIATION_PACKET, "Version negotiation packet is malformed" }, |
779 | | { QUIC_INVALID_PUBLIC_RST_PACKET, "Public RST packet is malformed" }, |
780 | | { QUIC_DECRYPTION_FAILURE, "There was an error decrypting" }, |
781 | | { QUIC_ENCRYPTION_FAILURE, "There was an error encrypting" }, |
782 | | { QUIC_PACKET_TOO_LARGE, "The packet exceeded kMaxPacketSize" }, |
783 | | { QUIC_PACKET_FOR_NONEXISTENT_STREAM, "Data was sent for a stream which did not exist" }, |
784 | | { QUIC_PEER_GOING_AWAY, "The peer is going away. May be a client or server" }, |
785 | | { QUIC_INVALID_STREAM_ID, "A stream ID was invalid" }, |
786 | | { QUIC_TOO_MANY_OPEN_STREAMS, "Too many streams already open" }, |
787 | | { QUIC_PUBLIC_RESET, "Received public reset for this connection" }, |
788 | | { QUIC_INVALID_VERSION, "Invalid protocol version" }, |
789 | | { QUIC_STREAM_RST_BEFORE_HEADERS_DECOMPRESSED, "Stream RST before Headers decompressed (Deprecated)" }, |
790 | | { QUIC_INVALID_HEADER_ID, "The Header ID for a stream was too far from the previous" }, |
791 | | { QUIC_INVALID_NEGOTIATED_VALUE, "Negotiable parameter received during handshake had invalid value" }, |
792 | | { QUIC_DECOMPRESSION_FAILURE, "There was an error decompressing data" }, |
793 | | { QUIC_CONNECTION_TIMED_OUT, "We hit our prenegotiated (or default) timeout" }, |
794 | | { QUIC_ERROR_MIGRATING_ADDRESS, "There was an error encountered migrating addresses" }, |
795 | | { QUIC_PACKET_WRITE_ERROR, "There was an error while writing to the socket" }, |
796 | | { QUIC_HANDSHAKE_FAILED, "Handshake failed" }, |
797 | | { QUIC_CRYPTO_TAGS_OUT_OF_ORDER, "Handshake message contained out of order tags" }, |
798 | | { QUIC_CRYPTO_TOO_MANY_ENTRIES, "Handshake message contained too many entries" }, |
799 | | { QUIC_CRYPTO_INVALID_VALUE_LENGTH, "Handshake message contained an invalid value length" }, |
800 | | { QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE, "A crypto message was received after the handshake was complete" }, |
801 | | { QUIC_INVALID_CRYPTO_MESSAGE_TYPE, "A crypto message was received with an illegal message tag" }, |
802 | | { QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, "A crypto message was received with an illegal parameter" }, |
803 | | { QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND, "A crypto message was received with a mandatory parameter missing" }, |
804 | | { QUIC_CRYPTO_MESSAGE_PARAMETER_NO_OVERLAP, "A crypto message was received with a parameter that has no overlap with the local parameter" }, |
805 | | { QUIC_CRYPTO_MESSAGE_INDEX_NOT_FOUND, "A crypto message was received that contained a parameter with too few values" }, |
806 | | { QUIC_CRYPTO_INTERNAL_ERROR, "An internal error occurred in crypto processing" }, |
807 | | { QUIC_CRYPTO_VERSION_NOT_SUPPORTED, "A crypto handshake message specified an unsupported version" }, |
808 | | |
809 | | { QUIC_CRYPTO_NO_SUPPORT, "There was no intersection between the crypto primitives supported by the peer and ourselves" }, |
810 | | { QUIC_CRYPTO_TOO_MANY_REJECTS, "The server rejected our client hello messages too many times" }, |
811 | | { QUIC_PROOF_INVALID, "The client rejected the server's certificate chain or signature" }, |
812 | | { QUIC_CRYPTO_DUPLICATE_TAG, "A crypto message was received with a duplicate tag" }, |
813 | | { QUIC_CRYPTO_ENCRYPTION_LEVEL_INCORRECT, "A crypto message was received with the wrong encryption level (i.e. it should have been encrypted but was not" }, |
814 | | { QUIC_CRYPTO_SERVER_CONFIG_EXPIRED, "The server config for a server has expired" }, |
815 | | { QUIC_INVALID_STREAM_DATA, "STREAM frame data is malformed" }, |
816 | | { QUIC_INVALID_CONGESTION_FEEDBACK_DATA, "Invalid congestion Feedback data (Deprecated)" }, |
817 | | { QUIC_MISSING_PAYLOAD, "The packet contained no payload" }, |
818 | | { QUIC_INVALID_PRIORITY, "A priority was invalid" }, |
819 | | { QUIC_INVALID_STREAM_FRAME, "We received a STREAM_FRAME with no data and no fin flag set" }, |
820 | | { QUIC_PACKET_READ_ERROR, "There was an error while reading from the socket" }, |
821 | | { QUIC_INVALID_CHANNEL_ID_SIGNATURE, "An invalid channel id signature was supplied" }, |
822 | | { QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED, "We failed to setup the symmetric keys for a connection" }, |
823 | | { QUIC_CRYPTO_MESSAGE_WHILE_VALIDATING_CLIENT_HELLO, "A handshake message arrived, but we are still validating the previous handshake message" }, |
824 | | { QUIC_VERSION_NEGOTIATION_MISMATCH, "This connection involved a version negotiation which appears to have been tampered with" }, |
825 | | { QUIC_INVALID_HEADERS_STREAM_DATA, "We received invalid data on the headers stream" }, |
826 | | { QUIC_INVALID_WINDOW_UPDATE_DATA, "WINDOW_UPDATE frame data is malformed" }, |
827 | | { QUIC_INVALID_BLOCKED_DATA, "BLOCKED frame data is malformed" }, |
828 | | |
829 | | { QUIC_FLOW_CONTROL_RECEIVED_TOO_MUCH_DATA, "The peer received too much data, violating flow control" }, |
830 | | { QUIC_INVALID_STOP_WAITING_DATA, "STOP_WAITING frame data is malformed" }, |
831 | | { QUIC_UNENCRYPTED_STREAM_DATA, "STREAM frame data is not encrypted" }, |
832 | | { QUIC_CONNECTION_IP_POOLED, "The connection has been IP pooled into an existing connection" }, |
833 | | { QUIC_FLOW_CONTROL_SENT_TOO_MUCH_DATA, "The peer sent too much data, violating flow control" }, |
834 | | { QUIC_FLOW_CONTROL_INVALID_WINDOW, "The peer received an invalid flow control window" }, |
835 | | { QUIC_CRYPTO_UPDATE_BEFORE_HANDSHAKE_COMPLETE, "A server config update arrived before the handshake is complete" }, |
836 | | { QUIC_TOO_MANY_UNFINISHED_STREAMS, "The peer must send a FIN/RST for each stream, and has not been doing so" }, |
837 | | { QUIC_CONNECTION_OVERALL_TIMED_OUT, "We hit our overall connection timeout" }, |
838 | | { QUIC_TOO_MANY_OUTSTANDING_SENT_PACKETS, "The connection has too many outstanding sent packets" }, |
839 | | { QUIC_TOO_MANY_OUTSTANDING_RECEIVED_PACKETS, "The connection has too many outstanding received packets" }, |
840 | | { QUIC_CONNECTION_CANCELLED, "The quic connection job to load server config is cancelled" }, |
841 | | { QUIC_BAD_PACKET_LOSS_RATE, "Disabled QUIC because of high packet loss rate" }, |
842 | | { QUIC_CRYPTO_HANDSHAKE_STATELESS_REJECT, "A crypto handshake message resulted in a stateless reject" }, |
843 | | { QUIC_PUBLIC_RESETS_POST_HANDSHAKE, "Disabled QUIC because of too many PUBLIC_RESETs post handshake" }, |
844 | | { QUIC_TIMEOUTS_WITH_OPEN_STREAMS, "Disabled QUIC because of too many timeouts with streams open" }, |
845 | | { QUIC_FAILED_TO_SERIALIZE_PACKET, "Closed because we failed to serialize a packet" }, |
846 | | { QUIC_TOO_MANY_AVAILABLE_STREAMS, "The peer created too many available streams" }, |
847 | | { QUIC_UNENCRYPTED_FEC_DATA, "FEC frame data is not encrypted" }, |
848 | | { QUIC_INVALID_PATH_CLOSE_DATA, "PATH_CLOSE frame data is malformed" }, |
849 | | { QUIC_BAD_MULTIPATH_FLAG, "Multipath is not enabled, but a packet with multipath flag on is received" }, |
850 | | { QUIC_IP_ADDRESS_CHANGED, "IP address changed causing connection close" }, |
851 | | { QUIC_CONNECTION_MIGRATION_NO_MIGRATABLE_STREAMS, "Network changed, but connection had no migratable stream" }, |
852 | | { QUIC_CONNECTION_MIGRATION_TOO_MANY_CHANGES, "Connection changed networks too many times" }, |
853 | | { QUIC_CONNECTION_MIGRATION_NO_NEW_NETWORK, "Connection migration was attempted, but there was no new network to migrate to" }, |
854 | | { QUIC_CONNECTION_MIGRATION_NON_MIGRATABLE_STREAM, "Network changed, but connection had one or more non-migratable streams" }, |
855 | | { QUIC_TOO_MANY_RTOS, "QUIC timed out after too many RTOs" }, |
856 | | { QUIC_ERROR_MIGRATING_PORT, "There was an error encountered migrating port only" }, |
857 | | { QUIC_OVERLAPPING_STREAM_DATA, "STREAM frame data overlaps with buffered data" }, |
858 | | { QUIC_ATTEMPT_TO_SEND_UNENCRYPTED_STREAM_DATA, "Attempt to send unencrypted STREAM frame" }, |
859 | | { QUIC_MAYBE_CORRUPTED_MEMORY, "Received a frame which is likely the result of memory corruption" }, |
860 | | { QUIC_CRYPTO_CHLO_TOO_LARGE, "CHLO cannot fit in one packet" }, |
861 | | { QUIC_MULTIPATH_PATH_DOES_NOT_EXIST, "A path is supposed to exist but does not" }, |
862 | | { QUIC_MULTIPATH_PATH_NOT_ACTIVE, "A path is supposed to be active but is not" }, |
863 | | { QUIC_TOO_MANY_FRAME_GAPS, "Stream frames arrived too discontiguously so that stream sequencer buffer maintains too many gaps" }, |
864 | | { QUIC_UNSUPPORTED_PROOF_DEMAND, "A demand for an unsupport proof type was received" }, |
865 | | { QUIC_STREAM_SEQUENCER_INVALID_STATE, "Sequencer buffer get into weird state where continuing read/write will lead to crash" }, |
866 | | { QUIC_TOO_MANY_SESSIONS_ON_SERVER, "Connection closed because of server hits max number of sessions allowed" }, |
867 | | { QUIC_HEADERS_STREAM_DATA_DECOMPRESS_FAILURE, "Invalid data on the headers stream received because of decompression failure" }, |
868 | | { QUIC_STREAM_LENGTH_OVERFLOW, "Receive a RST_STREAM with offset larger than kMaxStreamLength" }, |
869 | | { QUIC_CONNECTION_MIGRATION_DISABLED_BY_CONFIG, "Network changed, but connection migration was disabled by config" }, |
870 | | { QUIC_CONNECTION_MIGRATION_INTERNAL_ERROR, "Network changed, but error was encountered on the alternative network" }, |
871 | | { QUIC_LAST_ERROR, "No error. Used as bound while iterating" }, |
872 | | { 0, NULL } |
873 | | }; |
874 | | |
875 | | static value_string_ext error_code_vals_ext = VALUE_STRING_EXT_INIT(error_code_vals); |
876 | | |
877 | | /**************************************************************************/ |
878 | | /* RST Stream Error Code */ |
879 | | /**************************************************************************/ |
880 | | /* See https://chromium.googlesource.com/chromium/src.git/+/master/net/third_party/quic/core/quic_error_codes.h (enum QuicRstStreamErrorCode) */ |
881 | | |
882 | | enum QuicRstStreamErrorCode { |
883 | | /* Complete response has been sent, sending a RST to ask the other endpoint to stop sending request data without discarding the response. */ |
884 | | |
885 | | QUIC_STREAM_NO_ERROR = 0, |
886 | | /* There was some error which halted stream processing.*/ |
887 | | QUIC_ERROR_PROCESSING_STREAM, |
888 | | /* We got two fin or reset offsets which did not match.*/ |
889 | | QUIC_MULTIPLE_TERMINATION_OFFSETS, |
890 | | /* We got bad payload and can not respond to it at the protocol level. */ |
891 | | QUIC_BAD_APPLICATION_PAYLOAD, |
892 | | /* Stream closed due to connection error. No reset frame is sent when this happens. */ |
893 | | QUIC_STREAM_CONNECTION_ERROR, |
894 | | /* GoAway frame sent. No more stream can be created. */ |
895 | | QUIC_STREAM_PEER_GOING_AWAY, |
896 | | /* The stream has been cancelled. */ |
897 | | QUIC_STREAM_CANCELLED, |
898 | | /* Closing stream locally, sending a RST to allow for proper flow control accounting. Sent in response to a RST from the peer. */ |
899 | | QUIC_RST_ACKNOWLEDGEMENT, |
900 | | /* Receiver refused to create the stream (because its limit on open streams has been reached). The sender should retry the request later (using another stream). */ |
901 | | QUIC_REFUSED_STREAM, |
902 | | /* Invalid URL in PUSH_PROMISE request header. */ |
903 | | QUIC_INVALID_PROMISE_URL, |
904 | | /* Server is not authoritative for this URL. */ |
905 | | QUIC_UNAUTHORIZED_PROMISE_URL, |
906 | | /* Can't have more than one active PUSH_PROMISE per URL. */ |
907 | | QUIC_DUPLICATE_PROMISE_URL, |
908 | | /* Vary check failed. */ |
909 | | QUIC_PROMISE_VARY_MISMATCH, |
910 | | /* Only GET and HEAD methods allowed. */ |
911 | | QUIC_INVALID_PROMISE_METHOD, |
912 | | /* The push stream is unclaimed and timed out. */ |
913 | | QUIC_PUSH_STREAM_TIMED_OUT, |
914 | | /* Received headers were too large. */ |
915 | | QUIC_HEADERS_TOO_LARGE, |
916 | | /* The data is not likely arrive in time. */ |
917 | | QUIC_STREAM_TTL_EXPIRED, |
918 | | /* No error. Used as bound while iterating. */ |
919 | | QUIC_STREAM_LAST_ERROR, |
920 | | }; |
921 | | |
922 | | static const value_string rststream_error_code_vals[] = { |
923 | | { QUIC_STREAM_NO_ERROR, "Complete response has been sent, sending a RST to ask the other endpoint to stop sending request data without discarding the response." }, |
924 | | { QUIC_ERROR_PROCESSING_STREAM, "There was some error which halted stream processing" }, |
925 | | { QUIC_MULTIPLE_TERMINATION_OFFSETS, "We got two fin or reset offsets which did not match" }, |
926 | | { QUIC_BAD_APPLICATION_PAYLOAD, "We got bad payload and can not respond to it at the protocol level" }, |
927 | | { QUIC_STREAM_CONNECTION_ERROR, "Stream closed due to connection error. No reset frame is sent when this happens" }, |
928 | | { QUIC_STREAM_PEER_GOING_AWAY, "GoAway frame sent. No more stream can be created" }, |
929 | | { QUIC_STREAM_CANCELLED, "The stream has been cancelled" }, |
930 | | { QUIC_RST_ACKNOWLEDGEMENT, "Closing stream locally, sending a RST to allow for proper flow control accounting. Sent in response to a RST from the peer" }, |
931 | | { QUIC_REFUSED_STREAM, "Receiver refused to create the stream (because its limit on open streams has been reached). The sender should retry the request later (using another stream)" }, |
932 | | { QUIC_INVALID_PROMISE_URL, "Invalid URL in PUSH_PROMISE request header" }, |
933 | | { QUIC_UNAUTHORIZED_PROMISE_URL, "Server is not authoritative for this URL" }, |
934 | | { QUIC_DUPLICATE_PROMISE_URL, "Can't have more than one active PUSH_PROMISE per URL" }, |
935 | | { QUIC_PROMISE_VARY_MISMATCH, "Vary check failed" }, |
936 | | { QUIC_INVALID_PROMISE_METHOD, "Only GET and HEAD methods allowed" }, |
937 | | { QUIC_PUSH_STREAM_TIMED_OUT, "The push stream is unclaimed and timed out" }, |
938 | | { QUIC_HEADERS_TOO_LARGE, "Received headers were too large" }, |
939 | | { QUIC_STREAM_TTL_EXPIRED, "The data is not likely arrive in time" }, |
940 | | { QUIC_STREAM_LAST_ERROR, "No error. Used as bound while iterating" }, |
941 | | { 0, NULL } |
942 | | }; |
943 | | static value_string_ext rststream_error_code_vals_ext = VALUE_STRING_EXT_INIT(rststream_error_code_vals); |
944 | | |
945 | | /**************************************************************************/ |
946 | | /* Handshake Failure Reason */ |
947 | | /**************************************************************************/ |
948 | | /* See https://chromium.googlesource.com/chromium/src.git/+/master/net/third_party/quic/core/crypto/crypto_handshake.h */ |
949 | | |
950 | | enum HandshakeFailureReason { |
951 | | HANDSHAKE_OK = 0, |
952 | | |
953 | | /* Failure reasons for an invalid client nonce in CHLO. */ |
954 | | |
955 | | /* The default error value for nonce verification failures from strike register (covers old strike registers and unknown failures). */ |
956 | | CLIENT_NONCE_UNKNOWN_FAILURE = 1, |
957 | | /* Client nonce had incorrect length. */ |
958 | | CLIENT_NONCE_INVALID_FAILURE = 2, |
959 | | /* Client nonce is not unique. */ |
960 | | CLIENT_NONCE_NOT_UNIQUE_FAILURE = 3, |
961 | | /* Client orbit is invalid or incorrect. */ |
962 | | CLIENT_NONCE_INVALID_ORBIT_FAILURE = 4, |
963 | | /* Client nonce's timestamp is not in the strike register's valid time range. */ |
964 | | CLIENT_NONCE_INVALID_TIME_FAILURE = 5, |
965 | | /* Strike register's RPC call timed out, client nonce couldn't be verified. */ |
966 | | CLIENT_NONCE_STRIKE_REGISTER_TIMEOUT = 6, |
967 | | /* Strike register is down, client nonce couldn't be verified. */ |
968 | | CLIENT_NONCE_STRIKE_REGISTER_FAILURE = 7, |
969 | | |
970 | | /* Failure reasons for an invalid server nonce in CHLO. */ |
971 | | |
972 | | /* Unbox of server nonce failed. */ |
973 | | SERVER_NONCE_DECRYPTION_FAILURE = 8, |
974 | | /* Decrypted server nonce had incorrect length. */ |
975 | | SERVER_NONCE_INVALID_FAILURE = 9, |
976 | | /* Server nonce is not unique. */ |
977 | | SERVER_NONCE_NOT_UNIQUE_FAILURE = 10, |
978 | | /* Server nonce's timestamp is not in the strike register's valid time range. */ |
979 | | SERVER_NONCE_INVALID_TIME_FAILURE = 11, |
980 | | /* The server requires handshake confirmation. */ |
981 | | SERVER_NONCE_REQUIRED_FAILURE = 20, |
982 | | |
983 | | /* Failure reasons for an invalid server config in CHLO. */ |
984 | | |
985 | | /* Missing Server config id (kSCID) tag. */ |
986 | | SERVER_CONFIG_INCHOATE_HELLO_FAILURE = 12, |
987 | | /* Couldn't find the Server config id (kSCID). */ |
988 | | SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE = 13, |
989 | | |
990 | | /* Failure reasons for an invalid source-address token. */ |
991 | | |
992 | | /* Missing Source-address token (kSourceAddressTokenTag) tag. */ |
993 | | SOURCE_ADDRESS_TOKEN_INVALID_FAILURE = 14, |
994 | | /* Unbox of Source-address token failed. */ |
995 | | SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE = 15, |
996 | | /* Couldn't parse the unbox'ed Source-address token. */ |
997 | | SOURCE_ADDRESS_TOKEN_PARSE_FAILURE = 16, |
998 | | /* Source-address token is for a different IP address. */ |
999 | | SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE = 17, |
1000 | | /* The source-address token has a timestamp in the future. */ |
1001 | | SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE = 18, |
1002 | | /* The source-address token has expired. */ |
1003 | | SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE = 19, |
1004 | | |
1005 | | /* The expected leaf certificate hash could not be validated. */ |
1006 | | INVALID_EXPECTED_LEAF_CERTIFICATE = 21, |
1007 | | |
1008 | | MAX_FAILURE_REASON = 22 |
1009 | | }; |
1010 | | |
1011 | | static const value_string handshake_failure_reason_vals[] = { |
1012 | | { HANDSHAKE_OK, "Handshake OK" }, |
1013 | | { CLIENT_NONCE_UNKNOWN_FAILURE, "The default error value for nonce verification failures from strike register (covers old strike registers and unknown failures)" }, |
1014 | | { CLIENT_NONCE_INVALID_FAILURE, "Client nonce had incorrect length" }, |
1015 | | { CLIENT_NONCE_NOT_UNIQUE_FAILURE, "Client nonce is not unique" }, |
1016 | | { CLIENT_NONCE_INVALID_ORBIT_FAILURE, "Client orbit is invalid or incorrect" }, |
1017 | | { CLIENT_NONCE_INVALID_TIME_FAILURE, "Client nonce's timestamp is not in the strike register's valid time range" }, |
1018 | | { CLIENT_NONCE_STRIKE_REGISTER_TIMEOUT, "Strike register's RPC call timed out, client nonce couldn't be verified" }, |
1019 | | { CLIENT_NONCE_STRIKE_REGISTER_FAILURE, "Strike register is down, client nonce couldn't be verified" }, |
1020 | | { SERVER_NONCE_DECRYPTION_FAILURE, "Unbox of server nonce failed" }, |
1021 | | { SERVER_NONCE_INVALID_FAILURE, "Decrypted server nonce had incorrect length" }, |
1022 | | { SERVER_NONCE_NOT_UNIQUE_FAILURE, "Server nonce is not unique" }, |
1023 | | { SERVER_NONCE_INVALID_TIME_FAILURE, "Server nonce's timestamp is not in the strike register's valid time range" }, |
1024 | | { SERVER_CONFIG_INCHOATE_HELLO_FAILURE, "Missing Server config id (kSCID) tag" }, |
1025 | | { SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE, "Couldn't find the Server config id (kSCID)" }, |
1026 | | { SOURCE_ADDRESS_TOKEN_INVALID_FAILURE, "Missing Source-address token (kSourceAddressTokenTag) tag" }, |
1027 | | { SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, "Unbox of Source-address token failed" }, |
1028 | | { SOURCE_ADDRESS_TOKEN_PARSE_FAILURE, "Couldn't parse the unbox'ed Source-address token" }, |
1029 | | { SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE, "Source-address token is for a different IP address" }, |
1030 | | { SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE, "The source-address token has a timestamp in the future" }, |
1031 | | { SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE, "The source-address token has expired" }, |
1032 | | { SERVER_NONCE_REQUIRED_FAILURE, "The server requires handshake confirmation" }, |
1033 | | { INVALID_EXPECTED_LEAF_CERTIFICATE, "The expected leaf certificate hash could not be validated" }, |
1034 | | { 0, NULL } |
1035 | | }; |
1036 | | static value_string_ext handshake_failure_reason_vals_ext = VALUE_STRING_EXT_INIT(handshake_failure_reason_vals); |
1037 | | |
1038 | | |
1039 | 0 | static uint32_t get_len_offset(uint8_t frame_type){ |
1040 | |
|
1041 | 0 | switch((frame_type & FTFLAGS_STREAM_OOO) >> 2){ |
1042 | 0 | case 0: |
1043 | 0 | return 0; |
1044 | 0 | break; |
1045 | 0 | case 1: |
1046 | 0 | return 2; |
1047 | 0 | break; |
1048 | 0 | case 2: |
1049 | 0 | return 3; |
1050 | 0 | break; |
1051 | 0 | case 3: |
1052 | 0 | return 4; |
1053 | 0 | break; |
1054 | 0 | case 4: |
1055 | 0 | return 5; |
1056 | 0 | break; |
1057 | 0 | case 5: |
1058 | 0 | return 6; |
1059 | 0 | break; |
1060 | 0 | case 6: |
1061 | 0 | return 7; |
1062 | 0 | break; |
1063 | 0 | case 7: |
1064 | 0 | return 8; |
1065 | 0 | break; |
1066 | 0 | default: |
1067 | 0 | break; |
1068 | 0 | } |
1069 | 0 | return 0; |
1070 | 0 | } |
1071 | 0 | static uint32_t get_len_stream(uint8_t frame_type){ |
1072 | |
|
1073 | 0 | switch(frame_type & FTFLAGS_STREAM_SS){ |
1074 | 0 | case 0: |
1075 | 0 | return 1; |
1076 | 0 | break; |
1077 | 0 | case 1: |
1078 | 0 | return 2; |
1079 | 0 | break; |
1080 | 0 | case 2: |
1081 | 0 | return 3; |
1082 | 0 | break; |
1083 | 0 | case 3: |
1084 | 0 | return 4; |
1085 | 0 | break; |
1086 | 0 | default: |
1087 | 0 | break; |
1088 | 0 | } |
1089 | 0 | return 1; |
1090 | 0 | } |
1091 | | |
1092 | 0 | static uint32_t get_len_largest_observed(uint8_t frame_type){ |
1093 | |
|
1094 | 0 | switch((frame_type & FTFLAGS_ACK_LL) >> 2){ |
1095 | 0 | case 0: |
1096 | 0 | return 1; |
1097 | 0 | break; |
1098 | 0 | case 1: |
1099 | 0 | return 2; |
1100 | 0 | break; |
1101 | 0 | case 2: |
1102 | 0 | return 4; |
1103 | 0 | break; |
1104 | 0 | case 3: |
1105 | 0 | return 6; |
1106 | 0 | break; |
1107 | 0 | default: |
1108 | 0 | break; |
1109 | 0 | } |
1110 | 0 | return 1; |
1111 | 0 | } |
1112 | 0 | static uint32_t get_len_missing_packet(uint8_t frame_type){ |
1113 | |
|
1114 | 0 | switch(frame_type & FTFLAGS_ACK_MM){ |
1115 | 0 | case 0: |
1116 | 0 | return 1; |
1117 | 0 | break; |
1118 | 0 | case 1: |
1119 | 0 | return 2; |
1120 | 0 | break; |
1121 | 0 | case 2: |
1122 | 0 | return 4; |
1123 | 0 | break; |
1124 | 0 | case 3: |
1125 | 0 | return 6; |
1126 | 0 | break; |
1127 | 0 | default: |
1128 | 0 | break; |
1129 | 0 | } |
1130 | 0 | return 1; |
1131 | 0 | } |
1132 | | |
1133 | 0 | static uint32_t get_len_packet_number(uint8_t puflags){ |
1134 | |
|
1135 | 0 | switch((puflags & PUFLAGS_PKN) >> 4){ |
1136 | 0 | case 0: |
1137 | 0 | return 1; |
1138 | 0 | break; |
1139 | 0 | case 1: |
1140 | 0 | return 2; |
1141 | 0 | break; |
1142 | 0 | case 2: |
1143 | 0 | return 4; |
1144 | 0 | break; |
1145 | 0 | case 3: |
1146 | 0 | return 6; |
1147 | 0 | break; |
1148 | 0 | default: |
1149 | 0 | break; |
1150 | 0 | } |
1151 | 0 | return 6; |
1152 | 0 | } |
1153 | | |
1154 | | static |
1155 | 0 | bool is_gquic_unencrypt(tvbuff_t *tvb, packet_info *pinfo, unsigned offset, uint16_t len_pkn, gquic_info_data_t *gquic_info){ |
1156 | 0 | uint8_t frame_type; |
1157 | 0 | uint8_t num_ranges, num_revived, num_blocks = 0, num_timestamp; |
1158 | 0 | uint32_t len_stream = 0, len_offset = 0, len_data = 0, len_largest_observed = 1, len_missing_packet = 1; |
1159 | 0 | uint32_t message_tag; |
1160 | | |
1161 | |
|
1162 | 0 | if(tvb_captured_length_remaining(tvb, offset) <= 13){ |
1163 | 0 | return false; |
1164 | 0 | } |
1165 | | /* Message Authentication Hash */ |
1166 | 0 | offset += 12; |
1167 | |
|
1168 | 0 | if(gquic_info->version_valid && gquic_info->version < 34){ /* No longer Private Flags after Q034 */ |
1169 | | /* Private Flags */ |
1170 | 0 | offset += 1; |
1171 | 0 | } |
1172 | |
|
1173 | 0 | while(tvb_reported_length_remaining(tvb, offset) > 0){ |
1174 | |
|
1175 | 0 | if (tvb_captured_length_remaining(tvb, offset) <= 1){ |
1176 | 0 | return false; |
1177 | 0 | } |
1178 | | /* Frame type */ |
1179 | 0 | frame_type = tvb_get_uint8(tvb, offset); |
1180 | 0 | if((frame_type & FTFLAGS_SPECIAL) == 0){ |
1181 | 0 | offset += 1; |
1182 | 0 | switch(frame_type){ |
1183 | 0 | case FT_PADDING: |
1184 | 0 | return false; /* Pad on rest of packet.. */ |
1185 | 0 | break; |
1186 | 0 | case FT_RST_STREAM: |
1187 | | /* Stream ID */ |
1188 | 0 | offset += 4; |
1189 | | /* Byte Offset */ |
1190 | 0 | offset += 8; |
1191 | | /* Error Code */ |
1192 | 0 | offset += 4; |
1193 | 0 | break; |
1194 | 0 | case FT_CONNECTION_CLOSE:{ |
1195 | 0 | uint16_t len_reason; |
1196 | | |
1197 | | /* Error Code */ |
1198 | 0 | offset += 4; |
1199 | | /* Reason Phrase Length */ |
1200 | 0 | if (tvb_captured_length_remaining(tvb, offset) <= 2){ |
1201 | 0 | return false; |
1202 | 0 | } |
1203 | 0 | len_reason = tvb_get_uint16(tvb, offset, gquic_info->encoding); |
1204 | 0 | offset += 2; |
1205 | | /* Reason Phrase */ |
1206 | | /* If length remaining == len_reason, it is Connection Close */ |
1207 | 0 | if (tvb_captured_length_remaining(tvb, offset) == len_reason){ |
1208 | 0 | return true; |
1209 | 0 | } |
1210 | 0 | } |
1211 | 0 | break; |
1212 | 0 | case FT_GOAWAY:{ |
1213 | 0 | uint16_t len_reason; |
1214 | | |
1215 | | /* Error Code */ |
1216 | 0 | offset += 4; |
1217 | | /* Last Good Stream ID */ |
1218 | 0 | offset += 4; |
1219 | | /* Reason Phrase Length */ |
1220 | 0 | if (tvb_captured_length_remaining(tvb, offset) <= 2){ |
1221 | 0 | return false; |
1222 | 0 | } |
1223 | 0 | len_reason = tvb_get_uint16(tvb, offset, gquic_info->encoding); |
1224 | 0 | offset += 2; |
1225 | | /* Reason Phrase */ |
1226 | 0 | offset += len_reason; |
1227 | 0 | } |
1228 | 0 | break; |
1229 | 0 | case FT_WINDOW_UPDATE: |
1230 | | /* Stream ID */ |
1231 | 0 | offset += 4; |
1232 | | /* Byte Offset */ |
1233 | 0 | offset += 8; |
1234 | 0 | break; |
1235 | 0 | case FT_BLOCKED: |
1236 | | /* Stream ID */ |
1237 | 0 | offset += 4; |
1238 | 0 | break; |
1239 | 0 | case FT_STOP_WAITING: |
1240 | 0 | if(gquic_info->version_valid && gquic_info->version < 34){ /* No longer Entropy after Q034 */ |
1241 | | /* Send Entropy */ |
1242 | 0 | offset += 1; |
1243 | 0 | } |
1244 | | /* Least Unacked Delta */ |
1245 | 0 | offset += len_pkn; |
1246 | 0 | break; |
1247 | 0 | case FT_PING: /* No Payload */ |
1248 | 0 | default: /* No default */ |
1249 | 0 | break; |
1250 | 0 | } |
1251 | 0 | } else { |
1252 | | /* Special Frame Type */ |
1253 | 0 | if(frame_type & FTFLAGS_STREAM){ /* Stream */ |
1254 | |
|
1255 | 0 | if(frame_type & FTFLAGS_STREAM_D){ |
1256 | 0 | len_data = 2; |
1257 | 0 | } |
1258 | 0 | len_offset = get_len_offset(frame_type); |
1259 | 0 | len_stream = get_len_stream(frame_type); |
1260 | | |
1261 | | /* Frame Type */ |
1262 | 0 | offset += 1; |
1263 | | |
1264 | | /* Stream */ |
1265 | 0 | offset += len_stream; |
1266 | | |
1267 | | /* Offset */ |
1268 | 0 | offset += len_offset; |
1269 | | |
1270 | | /* Data length */ |
1271 | 0 | offset += len_data; |
1272 | |
|
1273 | 0 | if (tvb_captured_length_remaining(tvb, offset) <= 4){ |
1274 | 0 | return false; |
1275 | 0 | } |
1276 | | |
1277 | | /* Check if the Message Tag is CHLO (Client Hello) or SHLO (Server Hello) or REJ (Rejection) */ |
1278 | 0 | message_tag = tvb_get_ntohl(tvb, offset); |
1279 | 0 | if (message_tag == MTAG_CHLO|| message_tag == MTAG_SHLO || message_tag == MTAG_REJ) { |
1280 | 0 | if(message_tag == MTAG_CHLO && pinfo->srcport != 443) { /* Found */ |
1281 | 0 | gquic_info->server_port = pinfo->destport; |
1282 | 0 | } |
1283 | 0 | return true; |
1284 | 0 | } |
1285 | | |
1286 | |
|
1287 | 0 | } else if (frame_type & FTFLAGS_ACK) { |
1288 | | /* ACK Flags */ |
1289 | |
|
1290 | 0 | len_largest_observed = get_len_largest_observed(frame_type); |
1291 | 0 | len_missing_packet = get_len_missing_packet(frame_type); |
1292 | | |
1293 | | /* Frame Type */ |
1294 | 0 | offset += 1; |
1295 | |
|
1296 | 0 | if(gquic_info->version_valid && gquic_info->version < 34){ /* No longer Entropy after Q034 */ |
1297 | | /* Received Entropy */ |
1298 | 0 | offset += 1; |
1299 | | |
1300 | | /* Largest Observed */ |
1301 | 0 | offset += len_largest_observed; |
1302 | | |
1303 | | /* Ack Delay Time */ |
1304 | 0 | offset += 2; |
1305 | | |
1306 | | /* Num Timestamp */ |
1307 | 0 | if (tvb_captured_length_remaining(tvb, offset) <= 1){ |
1308 | 0 | return false; |
1309 | 0 | } |
1310 | 0 | num_timestamp = tvb_get_uint8(tvb, offset); |
1311 | 0 | offset += 1; |
1312 | |
|
1313 | 0 | if(num_timestamp > 0){ |
1314 | | /* Delta Largest Observed */ |
1315 | 0 | offset += 1; |
1316 | | |
1317 | | /* First Timestamp */ |
1318 | 0 | offset += 4; |
1319 | | |
1320 | | /* Num Timestamp (-1)x (Delta Largest Observed + Time Since Previous Timestamp) */ |
1321 | 0 | offset += (num_timestamp - 1)*(1+2); |
1322 | 0 | } |
1323 | |
|
1324 | 0 | if(frame_type & FTFLAGS_ACK_N){ |
1325 | | /* Num Ranges */ |
1326 | 0 | if (tvb_captured_length_remaining(tvb, offset) <= 1){ |
1327 | 0 | return false; |
1328 | 0 | } |
1329 | 0 | num_ranges = tvb_get_uint8(tvb, offset); |
1330 | 0 | offset += 1; |
1331 | | |
1332 | | /* Num Range x (Missing Packet + Range Length) */ |
1333 | 0 | offset += num_ranges*(len_missing_packet+1); |
1334 | | |
1335 | | /* Num Revived */ |
1336 | 0 | if (tvb_captured_length_remaining(tvb, offset) <= 1){ |
1337 | 0 | return false; |
1338 | 0 | } |
1339 | 0 | num_revived = tvb_get_uint8(tvb, offset); |
1340 | 0 | offset += 1; |
1341 | | |
1342 | | /* Num Revived x Length Largest Observed */ |
1343 | 0 | offset += num_revived*len_largest_observed; |
1344 | |
|
1345 | 0 | } |
1346 | 0 | } else { |
1347 | | |
1348 | | /* Largest Acked */ |
1349 | 0 | offset += len_largest_observed; |
1350 | | |
1351 | | /* Largest Acked Delta Time*/ |
1352 | 0 | offset += 2; |
1353 | | |
1354 | | /* Ack Block */ |
1355 | 0 | if(frame_type & FTFLAGS_ACK_N){ |
1356 | 0 | if (tvb_captured_length_remaining(tvb, offset) <= 1){ |
1357 | 0 | return false; |
1358 | 0 | } |
1359 | 0 | num_blocks = tvb_get_uint8(tvb, offset); |
1360 | 0 | offset += 1; |
1361 | 0 | } |
1362 | | |
1363 | | /* First Ack Block Length */ |
1364 | 0 | offset += len_missing_packet; |
1365 | 0 | if(num_blocks){ |
1366 | 0 | offset += (num_blocks)*(1 + len_missing_packet); |
1367 | 0 | } |
1368 | | |
1369 | | /* Timestamp */ |
1370 | 0 | if (tvb_captured_length_remaining(tvb, offset) <= 1){ |
1371 | 0 | return false; |
1372 | 0 | } |
1373 | 0 | num_timestamp = tvb_get_uint8(tvb, offset); |
1374 | 0 | offset += 1; |
1375 | |
|
1376 | 0 | if(num_timestamp > 0){ |
1377 | | |
1378 | | /* Delta Largest Acked */ |
1379 | 0 | offset += 1; |
1380 | | |
1381 | | /* Time Since Largest Acked */ |
1382 | 0 | offset += 4; |
1383 | | |
1384 | | /* Num Timestamp x (Delta Largest Acked + Time Since Previous Timestamp) */ |
1385 | 0 | offset += (num_timestamp - 1)*(1+2); |
1386 | 0 | } |
1387 | |
|
1388 | 0 | } |
1389 | 0 | } else { /* Other Special Frame type */ |
1390 | 0 | offset += 1; |
1391 | 0 | } |
1392 | 0 | } |
1393 | 0 | } |
1394 | | |
1395 | 0 | return false; |
1396 | |
|
1397 | 0 | } |
1398 | | |
1399 | | static uint32_t |
1400 | | // NOLINTNEXTLINE(misc-no-recursion) |
1401 | 0 | dissect_gquic_tag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, unsigned offset, uint32_t tag_number){ |
1402 | 0 | uint32_t tag_offset_start = offset + tag_number*4*2; |
1403 | 0 | uint32_t tag_offset = 0, total_tag_len = 0; |
1404 | 0 | int32_t tag_len; |
1405 | |
|
1406 | 0 | while(tag_number){ |
1407 | 0 | proto_tree *tag_tree, *ti_len, *ti_tag, *ti_type; |
1408 | 0 | uint32_t offset_end, tag, num_iter; |
1409 | 0 | const uint8_t* tag_str; |
1410 | |
|
1411 | 0 | ti_tag = proto_tree_add_item(gquic_tree, hf_gquic_tags, tvb, offset, 8, ENC_NA); |
1412 | 0 | tag_tree = proto_item_add_subtree(ti_tag, ett_gquic_tag_value); |
1413 | 0 | ti_type = proto_tree_add_item_ret_string(tag_tree, hf_gquic_tag_type, tvb, offset, 4, ENC_ASCII|ENC_NA, pinfo->pool, &tag_str); |
1414 | 0 | tag = tvb_get_ntohl(tvb, offset); |
1415 | 0 | proto_item_append_text(ti_type, " (%s)", val_to_str_const(tag, tag_vals, "Unknown")); |
1416 | 0 | proto_item_append_text(ti_tag, ": %s (%s)", tag_str, val_to_str_const(tag, tag_vals, "Unknown")); |
1417 | 0 | offset += 4; |
1418 | |
|
1419 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_offset_end, tvb, offset, 4, ENC_LITTLE_ENDIAN); |
1420 | 0 | offset_end = tvb_get_uint32(tvb, offset, ENC_LITTLE_ENDIAN); |
1421 | |
|
1422 | 0 | tag_len = offset_end - tag_offset; |
1423 | 0 | ti_len = proto_tree_add_uint(tag_tree, hf_gquic_tag_length, tvb, offset, 4, tag_len); |
1424 | 0 | proto_item_append_text(ti_tag, " (l=%u)", tag_len); |
1425 | 0 | proto_item_set_generated(ti_len); |
1426 | 0 | offset += 4; |
1427 | | |
1428 | | /* Fix issue with CRT.. (Fragmentation ?) */ |
1429 | 0 | if( tag_len > tvb_reported_length_remaining(tvb, tag_offset_start + tag_offset)){ |
1430 | 0 | tag_len = tvb_reported_length_remaining(tvb, tag_offset_start + tag_offset); |
1431 | 0 | offset_end = tag_offset + tag_len; |
1432 | 0 | expert_add_info(pinfo, ti_len, &ei_gquic_tag_length); |
1433 | 0 | } |
1434 | |
|
1435 | 0 | total_tag_len += tag_len; |
1436 | |
|
1437 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_value, tvb, tag_offset_start + tag_offset, tag_len, ENC_NA); |
1438 | |
|
1439 | 0 | increment_dissection_depth(pinfo); |
1440 | 0 | switch(tag){ |
1441 | 0 | case TAG_PAD: |
1442 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_pad, tvb, tag_offset_start + tag_offset, tag_len, ENC_NA); |
1443 | 0 | tag_offset += tag_len; |
1444 | 0 | break; |
1445 | 0 | case TAG_SNI: |
1446 | 0 | proto_tree_add_item_ret_string(tag_tree, hf_gquic_tag_sni, tvb, tag_offset_start + tag_offset, tag_len, ENC_ASCII|ENC_NA, pinfo->pool, &tag_str); |
1447 | 0 | proto_item_append_text(ti_tag, ": %s", tag_str); |
1448 | 0 | tag_offset += tag_len; |
1449 | 0 | break; |
1450 | 0 | case TAG_VER: |
1451 | 0 | num_iter = 1; |
1452 | 0 | while(offset_end - tag_offset >= 4){ |
1453 | 0 | proto_tree_add_item_ret_string(tag_tree, hf_gquic_tag_ver, tvb, tag_offset_start + tag_offset, 4, ENC_ASCII|ENC_NA, pinfo->pool, &tag_str); |
1454 | 0 | proto_item_append_text(ti_tag, "%s %s", num_iter == 1 ? ":" : ",", tag_str); |
1455 | 0 | tag_offset += 4; |
1456 | 0 | num_iter++; |
1457 | 0 | } |
1458 | 0 | break; |
1459 | 0 | case TAG_CCS: |
1460 | 0 | while(offset_end - tag_offset >= 8){ |
1461 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_ccs, tvb, tag_offset_start + tag_offset, 8, ENC_BIG_ENDIAN); |
1462 | 0 | tag_offset += 8; |
1463 | 0 | } |
1464 | 0 | break; |
1465 | 0 | case TAG_PDMD: |
1466 | 0 | proto_tree_add_item_ret_string(tag_tree, hf_gquic_tag_pdmd, tvb, tag_offset_start + tag_offset, tag_len, ENC_ASCII|ENC_NA, pinfo->pool, &tag_str); |
1467 | 0 | proto_item_append_text(ti_tag, ": %s", tag_str); |
1468 | 0 | tag_offset += tag_len; |
1469 | 0 | break; |
1470 | 0 | case TAG_UAID: |
1471 | 0 | proto_tree_add_item_ret_string(tag_tree, hf_gquic_tag_uaid, tvb, tag_offset_start + tag_offset, tag_len, ENC_ASCII|ENC_NA, pinfo->pool, &tag_str); |
1472 | 0 | proto_item_append_text(ti_tag, ": %s", tag_str); |
1473 | 0 | tag_offset += tag_len; |
1474 | 0 | break; |
1475 | 0 | case TAG_STK: |
1476 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_stk, tvb, tag_offset_start + tag_offset, tag_len, ENC_NA); |
1477 | 0 | tag_offset += tag_len; |
1478 | 0 | break; |
1479 | 0 | case TAG_SNO: |
1480 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_sno, tvb, tag_offset_start + tag_offset, tag_len, ENC_NA); |
1481 | 0 | tag_offset += tag_len; |
1482 | 0 | break; |
1483 | 0 | case TAG_PROF: |
1484 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_prof, tvb, tag_offset_start + tag_offset, tag_len, ENC_NA); |
1485 | 0 | tag_offset += tag_len; |
1486 | 0 | break; |
1487 | 0 | case TAG_SCFG:{ |
1488 | 0 | uint32_t scfg_tag_number; |
1489 | |
|
1490 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_scfg, tvb, tag_offset_start + tag_offset, 4, ENC_ASCII); |
1491 | 0 | tag_offset += 4; |
1492 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_scfg_number, tvb, tag_offset_start + tag_offset, 4, ENC_LITTLE_ENDIAN); |
1493 | 0 | scfg_tag_number = tvb_get_uint32(tvb, tag_offset_start + tag_offset, ENC_LITTLE_ENDIAN); |
1494 | 0 | tag_offset += 4; |
1495 | |
|
1496 | 0 | dissect_gquic_tag(tvb, pinfo, tag_tree, tag_offset_start + tag_offset, scfg_tag_number); |
1497 | 0 | tag_offset += tag_len - 4 - 4; |
1498 | 0 | } |
1499 | 0 | break; |
1500 | 0 | case TAG_RREJ: |
1501 | 0 | while(offset_end - tag_offset >= 4){ |
1502 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_rrej, tvb, tag_offset_start + tag_offset, 4, ENC_LITTLE_ENDIAN); |
1503 | 0 | proto_item_append_text(ti_tag, ", Code %s", val_to_str_ext_const(tvb_get_uint32(tvb, tag_offset_start + tag_offset, ENC_LITTLE_ENDIAN), |
1504 | 0 | &handshake_failure_reason_vals_ext, |
1505 | 0 | "Unknown")); |
1506 | 0 | tag_offset += 4; |
1507 | 0 | } |
1508 | 0 | break; |
1509 | 0 | case TAG_CRT: |
1510 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_crt, tvb, tag_offset_start + tag_offset, tag_len, ENC_NA); |
1511 | 0 | tag_offset += tag_len; |
1512 | 0 | break; |
1513 | 0 | case TAG_AEAD: |
1514 | 0 | while(offset_end - tag_offset >= 4){ |
1515 | 0 | proto_tree *ti_aead; |
1516 | 0 | ti_aead = proto_tree_add_item(tag_tree, hf_gquic_tag_aead, tvb, tag_offset_start + tag_offset, 4, ENC_ASCII); |
1517 | 0 | proto_item_append_text(ti_aead, " (%s)", val_to_str_const(tvb_get_ntohl(tvb, tag_offset_start + tag_offset), tag_aead_vals, "Unknown")); |
1518 | 0 | proto_item_append_text(ti_tag, ", %s", val_to_str_const(tvb_get_ntohl(tvb, tag_offset_start + tag_offset), tag_aead_vals, "Unknown")); |
1519 | 0 | tag_offset += 4; |
1520 | 0 | } |
1521 | 0 | break; |
1522 | 0 | case TAG_SCID: |
1523 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_scid, tvb, tag_offset_start + tag_offset, tag_len, ENC_NA); |
1524 | 0 | tag_offset += tag_len; |
1525 | 0 | break; |
1526 | 0 | case TAG_PUBS: |
1527 | | /*TODO FIX: 24 Length + Pubs key?.. ! */ |
1528 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_pubs, tvb, tag_offset_start + tag_offset, 2, ENC_LITTLE_ENDIAN); |
1529 | 0 | tag_offset += 2; |
1530 | 0 | while(offset_end - tag_offset >= 3){ |
1531 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_pubs, tvb, tag_offset_start + tag_offset, 3, ENC_LITTLE_ENDIAN); |
1532 | 0 | tag_offset += 3; |
1533 | 0 | } |
1534 | 0 | break; |
1535 | 0 | case TAG_KEXS: |
1536 | 0 | while(offset_end - tag_offset >= 4){ |
1537 | 0 | proto_tree *ti_kexs; |
1538 | 0 | ti_kexs = proto_tree_add_item(tag_tree, hf_gquic_tag_kexs, tvb, tag_offset_start + tag_offset, 4, ENC_ASCII); |
1539 | 0 | proto_item_append_text(ti_kexs, " (%s)", val_to_str_const(tvb_get_ntohl(tvb, tag_offset_start + tag_offset), tag_kexs_vals, "Unknown")); |
1540 | 0 | proto_item_append_text(ti_tag, ", %s", val_to_str_const(tvb_get_ntohl(tvb, tag_offset_start + tag_offset), tag_kexs_vals, "Unknown")); |
1541 | 0 | tag_offset += 4; |
1542 | 0 | } |
1543 | 0 | break; |
1544 | 0 | case TAG_OBIT: |
1545 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_obit, tvb, tag_offset_start + tag_offset, tag_len, ENC_NA); |
1546 | 0 | tag_offset += tag_len; |
1547 | 0 | break; |
1548 | 0 | case TAG_EXPY: |
1549 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_expy, tvb, tag_offset_start + tag_offset, 8, ENC_LITTLE_ENDIAN); |
1550 | 0 | tag_offset += 8; |
1551 | 0 | break; |
1552 | 0 | case TAG_NONC: |
1553 | | /*TODO: Enhance display: 32 bytes consisting of 4 bytes of timestamp (big-endian, UNIX epoch seconds), 8 bytes of server orbit and 20 bytes of random data. */ |
1554 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_nonc, tvb, tag_offset_start + tag_offset, 32, ENC_NA); |
1555 | 0 | tag_offset += 32; |
1556 | 0 | break; |
1557 | 0 | case TAG_MSPC: |
1558 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_mspc, tvb, tag_offset_start + tag_offset, 4, ENC_LITTLE_ENDIAN); |
1559 | 0 | proto_item_append_text(ti_tag, ": %u", tvb_get_uint32(tvb, tag_offset_start + tag_offset, ENC_LITTLE_ENDIAN)); |
1560 | 0 | tag_offset += 4; |
1561 | 0 | break; |
1562 | 0 | case TAG_TCID: |
1563 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_tcid, tvb, tag_offset_start + tag_offset, 4, ENC_LITTLE_ENDIAN); |
1564 | 0 | tag_offset += 4; |
1565 | 0 | break; |
1566 | 0 | case TAG_SRBF: |
1567 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_srbf, tvb, tag_offset_start + tag_offset, 4, ENC_LITTLE_ENDIAN); |
1568 | 0 | tag_offset += 4; |
1569 | 0 | break; |
1570 | 0 | case TAG_ICSL: |
1571 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_icsl, tvb, tag_offset_start + tag_offset, 4, ENC_LITTLE_ENDIAN); |
1572 | 0 | tag_offset += 4; |
1573 | 0 | break; |
1574 | 0 | case TAG_SCLS: |
1575 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_scls, tvb, tag_offset_start + tag_offset, 4, ENC_LITTLE_ENDIAN); |
1576 | 0 | tag_offset += 4; |
1577 | 0 | break; |
1578 | 0 | case TAG_COPT: |
1579 | 0 | while(offset_end - tag_offset >= 4){ |
1580 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_copt, tvb, tag_offset_start + tag_offset, 4, ENC_ASCII); |
1581 | 0 | tag_offset += 4; |
1582 | 0 | } |
1583 | 0 | break; |
1584 | 0 | case TAG_CCRT: |
1585 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_ccrt, tvb, tag_offset_start + tag_offset, tag_len, ENC_NA); |
1586 | 0 | tag_offset += tag_len; |
1587 | 0 | break; |
1588 | 0 | case TAG_IRTT: |
1589 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_irtt, tvb, tag_offset_start + tag_offset, 4, ENC_LITTLE_ENDIAN); |
1590 | 0 | proto_item_append_text(ti_tag, ": %u", tvb_get_uint32(tvb, tag_offset_start + tag_offset, ENC_LITTLE_ENDIAN)); |
1591 | 0 | tag_offset += 4; |
1592 | 0 | break; |
1593 | 0 | case TAG_CFCW: |
1594 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_cfcw, tvb, tag_offset_start + tag_offset, 4, ENC_LITTLE_ENDIAN); |
1595 | 0 | proto_item_append_text(ti_tag, ": %u", tvb_get_uint32(tvb, tag_offset_start + tag_offset, ENC_LITTLE_ENDIAN)); |
1596 | 0 | tag_offset += 4; |
1597 | 0 | break; |
1598 | 0 | case TAG_SFCW: |
1599 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_sfcw, tvb, tag_offset_start + tag_offset, 4, ENC_LITTLE_ENDIAN); |
1600 | 0 | proto_item_append_text(ti_tag, ": %u", tvb_get_uint32(tvb, tag_offset_start + tag_offset, ENC_LITTLE_ENDIAN)); |
1601 | 0 | tag_offset += 4; |
1602 | 0 | break; |
1603 | 0 | case TAG_CETV: |
1604 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_cetv, tvb, tag_offset_start + tag_offset, tag_len, ENC_NA); |
1605 | 0 | tag_offset += tag_len; |
1606 | 0 | break; |
1607 | 0 | case TAG_XLCT: |
1608 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_xlct, tvb, tag_offset_start + tag_offset, 8, ENC_NA); |
1609 | 0 | tag_offset += 8; |
1610 | 0 | break; |
1611 | 0 | case TAG_NONP: |
1612 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_nonp, tvb, tag_offset_start + tag_offset, 32, ENC_NA); |
1613 | 0 | tag_offset += 32; |
1614 | 0 | break; |
1615 | 0 | case TAG_CSCT: |
1616 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_csct, tvb, tag_offset_start + tag_offset, tag_len, ENC_NA); |
1617 | 0 | tag_offset += tag_len; |
1618 | 0 | break; |
1619 | 0 | case TAG_CTIM: |
1620 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_ctim, tvb, tag_offset_start + tag_offset, 8, ENC_LITTLE_ENDIAN|ENC_TIME_SECS_NSECS); |
1621 | 0 | tag_offset += 8; |
1622 | 0 | break; |
1623 | 0 | case TAG_RNON: /* Public Reset Tag */ |
1624 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_rnon, tvb, tag_offset_start + tag_offset, 8, ENC_LITTLE_ENDIAN); |
1625 | 0 | tag_offset += 8; |
1626 | 0 | break; |
1627 | 0 | case TAG_RSEQ: /* Public Reset Tag */ |
1628 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_rseq, tvb, tag_offset_start + tag_offset, 8, ENC_LITTLE_ENDIAN); |
1629 | 0 | tag_offset += 8; |
1630 | 0 | break; |
1631 | 0 | case TAG_CADR: /* Public Reset Tag */{ |
1632 | 0 | uint32_t addr_type; |
1633 | 0 | proto_tree_add_item_ret_uint(tag_tree, hf_gquic_tag_cadr_addr_type, tvb, tag_offset_start + tag_offset, 2, ENC_LITTLE_ENDIAN, &addr_type); |
1634 | 0 | tag_offset += 2; |
1635 | 0 | switch(addr_type){ |
1636 | 0 | case 2: /* IPv4 */ |
1637 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_cadr_addr_ipv4, tvb, tag_offset_start + tag_offset, 4, ENC_BIG_ENDIAN); |
1638 | 0 | tag_offset += 4; |
1639 | 0 | break; |
1640 | 0 | case 10: /* IPv6 */ |
1641 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_cadr_addr_ipv6, tvb, tag_offset_start + tag_offset, 16, ENC_NA); |
1642 | 0 | tag_offset += 16; |
1643 | 0 | break; |
1644 | 0 | default: /* Unknown */ |
1645 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_cadr_addr, tvb, tag_offset_start + tag_offset, tag_len - 2 - 2, ENC_NA); |
1646 | 0 | tag_offset += tag_len + 2 + 2 ; |
1647 | 0 | break; |
1648 | 0 | } |
1649 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_cadr_port, tvb, tag_offset_start + tag_offset, 2, ENC_LITTLE_ENDIAN); |
1650 | 0 | tag_offset += 2; |
1651 | 0 | } |
1652 | 0 | break; |
1653 | 0 | case TAG_MIDS: |
1654 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_mids, tvb, tag_offset_start + tag_offset, 4, ENC_LITTLE_ENDIAN); |
1655 | 0 | proto_item_append_text(ti_tag, ": %u", tvb_get_uint32(tvb, tag_offset_start + tag_offset, ENC_LITTLE_ENDIAN)); |
1656 | 0 | tag_offset += 4; |
1657 | 0 | break; |
1658 | 0 | case TAG_FHOL: |
1659 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_fhol, tvb, tag_offset_start + tag_offset, 4, ENC_LITTLE_ENDIAN); |
1660 | 0 | proto_item_append_text(ti_tag, ": %u", tvb_get_uint32(tvb, tag_offset_start + tag_offset, ENC_LITTLE_ENDIAN)); |
1661 | 0 | tag_offset += 4; |
1662 | 0 | break; |
1663 | 0 | case TAG_STTL: |
1664 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_sttl, tvb, tag_offset_start + tag_offset, 8, ENC_LITTLE_ENDIAN); |
1665 | 0 | tag_offset += 8; |
1666 | 0 | break; |
1667 | 0 | case TAG_SMHL: |
1668 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_smhl, tvb, tag_offset_start + tag_offset, 4, ENC_LITTLE_ENDIAN); |
1669 | 0 | proto_item_append_text(ti_tag, ": %u", tvb_get_uint32(tvb, tag_offset_start + tag_offset, ENC_LITTLE_ENDIAN)); |
1670 | 0 | tag_offset += 4; |
1671 | 0 | break; |
1672 | 0 | case TAG_TBKP: |
1673 | 0 | proto_tree_add_item_ret_string(tag_tree, hf_gquic_tag_tbkp, tvb, tag_offset_start + tag_offset, 4, ENC_ASCII|ENC_NA, pinfo->pool, &tag_str); |
1674 | 0 | proto_item_append_text(ti_tag, ": %s", tag_str); |
1675 | 0 | tag_offset += 4; |
1676 | 0 | break; |
1677 | 0 | case TAG_MAD0: |
1678 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_mad0, tvb, tag_offset_start + tag_offset, 4, ENC_LITTLE_ENDIAN); |
1679 | 0 | proto_item_append_text(ti_tag, ": %u", tvb_get_uint32(tvb, tag_offset_start + tag_offset, ENC_LITTLE_ENDIAN)); |
1680 | 0 | tag_offset += 4; |
1681 | 0 | break; |
1682 | 0 | case TAG_QLVE: |
1683 | 0 | { |
1684 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_qlve, tvb, tag_offset_start + tag_offset, tag_len, ENC_NA); |
1685 | | |
1686 | | /* Newest GQUIC versions (usually Q050) encapsulate their first flight in Q043 packets. |
1687 | | * (Q050 is handled by QUIC dissector) */ |
1688 | 0 | tvbuff_t *next_tvb = tvb_new_subset_length(tvb, tag_offset_start + tag_offset, tag_len); |
1689 | 0 | call_dissector_with_data(quic_handle, next_tvb, pinfo, tag_tree, NULL); |
1690 | |
|
1691 | 0 | tag_offset += tag_len; |
1692 | 0 | } |
1693 | 0 | break; |
1694 | 0 | case TAG_CGST: |
1695 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_cgst, tvb, tag_offset_start + tag_offset, tag_len, ENC_NA); |
1696 | 0 | tag_offset += tag_len; |
1697 | 0 | break; |
1698 | 0 | case TAG_EPID: |
1699 | 0 | proto_tree_add_item_ret_string(tag_tree, hf_gquic_tag_epid, tvb, tag_offset_start + tag_offset, tag_len, ENC_ASCII|ENC_NA, pinfo->pool, &tag_str); |
1700 | 0 | proto_item_append_text(ti_tag, ": %s", tag_str); |
1701 | 0 | tag_offset += tag_len; |
1702 | 0 | break; |
1703 | 0 | case TAG_SRST: |
1704 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_srst, tvb, tag_offset_start + tag_offset, tag_len, ENC_NA); |
1705 | 0 | tag_offset += tag_len; |
1706 | 0 | break; |
1707 | 0 | default: |
1708 | 0 | proto_tree_add_item(tag_tree, hf_gquic_tag_unknown, tvb, tag_offset_start + tag_offset, tag_len, ENC_NA); |
1709 | 0 | expert_add_info_format(pinfo, ti_tag, &ei_gquic_tag_undecoded, |
1710 | 0 | "Dissector for (Google) QUIC Tag" |
1711 | 0 | " %s (%s) code not implemented, Contact" |
1712 | 0 | " Wireshark developers if you want this supported", |
1713 | 0 | tvb_get_string_enc(pinfo->pool, tvb, offset-8, 4, ENC_ASCII|ENC_NA), |
1714 | 0 | val_to_str_const(tag, tag_vals, "Unknown")); |
1715 | 0 | tag_offset += tag_len; |
1716 | 0 | break; |
1717 | 0 | } |
1718 | 0 | decrement_dissection_depth(pinfo); |
1719 | |
|
1720 | 0 | if(tag_offset != offset_end){ |
1721 | | /* Wrong Tag len... */ |
1722 | 0 | proto_tree_add_expert(tag_tree, pinfo, &ei_gquic_tag_unknown, tvb, tag_offset_start + tag_offset, tag_len); |
1723 | 0 | tag_offset = offset_end; |
1724 | 0 | } |
1725 | |
|
1726 | 0 | tag_number--; |
1727 | 0 | } |
1728 | | |
1729 | 0 | if (offset + total_tag_len <= offset) { |
1730 | 0 | expert_add_info_format(pinfo, gquic_tree, &ei_gquic_length_invalid, |
1731 | 0 | "Invalid total tag length: %u", total_tag_len); |
1732 | 0 | return offset + tvb_reported_length_remaining(tvb, offset); |
1733 | 0 | } |
1734 | 0 | return offset + total_tag_len; |
1735 | |
|
1736 | 0 | } |
1737 | | |
1738 | | uint32_t |
1739 | 0 | dissect_gquic_tags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ft_tree, unsigned offset){ |
1740 | 0 | uint32_t tag_number; |
1741 | |
|
1742 | 0 | proto_tree_add_item(ft_tree, hf_gquic_tag_number, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
1743 | 0 | tag_number = tvb_get_uint16(tvb, offset, ENC_LITTLE_ENDIAN); |
1744 | 0 | offset += 2; |
1745 | |
|
1746 | 0 | proto_tree_add_item(ft_tree, hf_gquic_padding, tvb, offset, 2, ENC_NA); |
1747 | 0 | offset += 2; |
1748 | |
|
1749 | 0 | offset = dissect_gquic_tag(tvb, pinfo, ft_tree, offset, tag_number); |
1750 | |
|
1751 | 0 | return offset; |
1752 | 0 | } |
1753 | | |
1754 | | int |
1755 | 0 | dissect_gquic_frame_type(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, unsigned offset, uint8_t len_pkn, gquic_info_data_t *gquic_info){ |
1756 | 0 | if (!gquic_info) { |
1757 | 0 | expert_add_info(pinfo, gquic_tree, &ei_gquic_data_invalid); |
1758 | 0 | return offset + tvb_reported_length_remaining(tvb, offset); |
1759 | 0 | } |
1760 | | |
1761 | 0 | proto_item *ti, *ti_ft, *ti_ftflags /*, *expert_ti*/; |
1762 | 0 | proto_tree *ft_tree, *ftflags_tree; |
1763 | 0 | uint8_t frame_type; |
1764 | 0 | uint8_t num_ranges, num_revived, num_blocks = 0, num_timestamp; |
1765 | 0 | uint32_t len_stream = 0, len_offset = 0, len_data = 0, len_largest_observed = 1, len_missing_packet = 1; |
1766 | |
|
1767 | 0 | ti_ft = proto_tree_add_item(gquic_tree, hf_gquic_frame, tvb, offset, 1, ENC_NA); |
1768 | 0 | ft_tree = proto_item_add_subtree(ti_ft, ett_gquic_ft); |
1769 | | |
1770 | | /* Frame type */ |
1771 | 0 | ti_ftflags = proto_tree_add_item(ft_tree, hf_gquic_frame_type, tvb, offset, 1, ENC_NA); |
1772 | 0 | frame_type = tvb_get_uint8(tvb, offset); |
1773 | 0 | proto_item_set_text(ti_ft, "%s", rval_to_str_const(frame_type, frame_type_vals, "Unknown")); |
1774 | |
|
1775 | 0 | if((frame_type & FTFLAGS_SPECIAL) == 0 && frame_type != FT_CRYPTO){ /* Regular Stream Flags */ |
1776 | 0 | offset += 1; |
1777 | 0 | switch(frame_type){ |
1778 | 0 | case FT_PADDING:{ |
1779 | 0 | proto_item *ti_pad_len; |
1780 | 0 | uint32_t pad_len = tvb_reported_length_remaining(tvb, offset); |
1781 | |
|
1782 | 0 | ti_pad_len = proto_tree_add_uint(ft_tree, hf_gquic_frame_type_padding_length, tvb, offset, 0, pad_len); |
1783 | 0 | proto_item_set_generated(ti_pad_len); |
1784 | 0 | proto_item_append_text(ti_ft, " Length: %u", pad_len); |
1785 | 0 | if(pad_len > 0) /* Avoid Malformed Exception with pad_len == 0 */ |
1786 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_padding, tvb, offset, -1, ENC_NA); |
1787 | 0 | offset += pad_len; |
1788 | 0 | } |
1789 | 0 | break; |
1790 | 0 | case FT_RST_STREAM:{ |
1791 | 0 | uint32_t stream_id, error_code; |
1792 | 0 | proto_tree_add_item_ret_uint(ft_tree, hf_gquic_frame_type_rsts_stream_id, tvb, offset, 4, gquic_info->encoding, &stream_id); |
1793 | 0 | offset += 4; |
1794 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_rsts_byte_offset, tvb, offset, 8, gquic_info->encoding); |
1795 | 0 | offset += 8; |
1796 | 0 | proto_tree_add_item_ret_uint(ft_tree, hf_gquic_frame_type_rsts_error_code, tvb, offset, 4, gquic_info->encoding, &error_code); |
1797 | 0 | offset += 4; |
1798 | 0 | proto_item_append_text(ti_ft, " Stream ID: %u, Error code: %s", stream_id, val_to_str_ext(pinfo->pool, error_code, &rststream_error_code_vals_ext, "Unknown (%d)")); |
1799 | 0 | col_set_str(pinfo->cinfo, COL_INFO, "RST STREAM"); |
1800 | 0 | } |
1801 | 0 | break; |
1802 | 0 | case FT_CONNECTION_CLOSE:{ |
1803 | 0 | uint16_t len_reason; |
1804 | 0 | uint32_t error_code; |
1805 | |
|
1806 | 0 | proto_tree_add_item_ret_uint(ft_tree, hf_gquic_frame_type_cc_error_code, tvb, offset, 4, gquic_info->encoding, &error_code); |
1807 | 0 | offset += 4; |
1808 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_cc_reason_phrase_length, tvb, offset, 2, gquic_info->encoding); |
1809 | 0 | len_reason = tvb_get_uint16(tvb, offset, gquic_info->encoding); |
1810 | 0 | offset += 2; |
1811 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_cc_reason_phrase, tvb, offset, len_reason, ENC_ASCII); |
1812 | 0 | offset += len_reason; |
1813 | 0 | proto_item_append_text(ti_ft, " Error code: %s", val_to_str_ext(pinfo->pool, error_code, &error_code_vals_ext, "Unknown (%d)")); |
1814 | 0 | col_set_str(pinfo->cinfo, COL_INFO, "Connection Close"); |
1815 | 0 | } |
1816 | 0 | break; |
1817 | 0 | case FT_GOAWAY:{ |
1818 | 0 | uint16_t len_reason; |
1819 | 0 | uint32_t error_code, last_good_stream_id; |
1820 | |
|
1821 | 0 | proto_tree_add_item_ret_uint(ft_tree, hf_gquic_frame_type_goaway_error_code, tvb, offset, 4, gquic_info->encoding, &error_code); |
1822 | 0 | offset += 4; |
1823 | 0 | proto_tree_add_item_ret_uint(ft_tree, hf_gquic_frame_type_goaway_last_good_stream_id, tvb, offset, 4, gquic_info->encoding, &last_good_stream_id); |
1824 | 0 | offset += 4; |
1825 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_goaway_reason_phrase_length, tvb, offset, 2, gquic_info->encoding); |
1826 | 0 | len_reason = tvb_get_uint16(tvb, offset, gquic_info->encoding); |
1827 | 0 | offset += 2; |
1828 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_goaway_reason_phrase, tvb, offset, len_reason, ENC_ASCII); |
1829 | 0 | offset += len_reason; |
1830 | 0 | proto_item_append_text(ti_ft, " Stream ID: %u, Error code: %s", last_good_stream_id, val_to_str_ext(pinfo->pool, error_code, &error_code_vals_ext, "Unknown (%d)")); |
1831 | 0 | col_set_str(pinfo->cinfo, COL_INFO, "GOAWAY"); |
1832 | 0 | } |
1833 | 0 | break; |
1834 | 0 | case FT_WINDOW_UPDATE:{ |
1835 | 0 | uint32_t stream_id; |
1836 | |
|
1837 | 0 | proto_tree_add_item_ret_uint(ft_tree, hf_gquic_frame_type_wu_stream_id, tvb, offset, 4, gquic_info->encoding, &stream_id); |
1838 | 0 | offset += 4; |
1839 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_wu_byte_offset, tvb, offset, 8, gquic_info->encoding); |
1840 | 0 | offset += 8; |
1841 | 0 | proto_item_append_text(ti_ft, " Stream ID: %u", stream_id); |
1842 | 0 | } |
1843 | 0 | break; |
1844 | 0 | case FT_BLOCKED:{ |
1845 | 0 | uint32_t stream_id; |
1846 | |
|
1847 | 0 | proto_tree_add_item_ret_uint(ft_tree, hf_gquic_frame_type_blocked_stream_id, tvb, offset, 4, gquic_info->encoding, &stream_id); |
1848 | 0 | offset += 4; |
1849 | 0 | proto_item_append_text(ti_ft, " Stream ID: %u", stream_id); |
1850 | 0 | } |
1851 | 0 | break; |
1852 | 0 | case FT_STOP_WAITING:{ |
1853 | 0 | uint8_t send_entropy; |
1854 | 0 | if(gquic_info->version_valid && gquic_info->version < 34){ /* No longer Entropy after Q034 */ |
1855 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_sw_send_entropy, tvb, offset, 1, ENC_NA); |
1856 | 0 | send_entropy = tvb_get_uint8(tvb, offset); |
1857 | 0 | proto_item_append_text(ti_ft, " Send Entropy: %u", send_entropy); |
1858 | 0 | offset += 1; |
1859 | 0 | } |
1860 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_sw_least_unacked_delta, tvb, offset, len_pkn, gquic_info->encoding); |
1861 | 0 | offset += len_pkn; |
1862 | |
|
1863 | 0 | } |
1864 | 0 | break; |
1865 | 0 | case FT_PING: /* No Payload */ |
1866 | 0 | default: /* No default */ |
1867 | 0 | break; |
1868 | 0 | } |
1869 | 0 | } |
1870 | 0 | else { /* Special Frame Types */ |
1871 | 0 | uint32_t stream_id, message_tag; |
1872 | 0 | const uint8_t* message_tag_str; |
1873 | 0 | proto_item *ti_stream; |
1874 | |
|
1875 | 0 | ftflags_tree = proto_item_add_subtree(ti_ftflags, ett_gquic_ftflags); |
1876 | 0 | proto_tree_add_item(ftflags_tree, hf_gquic_frame_type_stream , tvb, offset, 1, ENC_NA); |
1877 | |
|
1878 | 0 | if(frame_type == FT_CRYPTO) { |
1879 | 0 | uint64_t crypto_offset, crypto_length; |
1880 | 0 | int32_t lenvar; |
1881 | |
|
1882 | 0 | DISSECTOR_ASSERT(gquic_info->version_valid && gquic_info->version >= 50); |
1883 | |
|
1884 | 0 | col_append_str(pinfo->cinfo, COL_INFO, ", CRYPTO"); |
1885 | 0 | offset += 1; |
1886 | 0 | proto_tree_add_item_ret_varint(ft_tree, hf_gquic_crypto_offset, tvb, offset, -1, ENC_VARINT_QUIC, &crypto_offset, &lenvar); |
1887 | 0 | offset += lenvar; |
1888 | 0 | proto_tree_add_item_ret_varint(ft_tree, hf_gquic_crypto_length, tvb, offset, -1, ENC_VARINT_QUIC, &crypto_length, &lenvar); |
1889 | 0 | offset += lenvar; |
1890 | 0 | proto_tree_add_item(ft_tree, hf_gquic_crypto_crypto_data, tvb, offset, (uint32_t)crypto_length, ENC_NA); |
1891 | |
|
1892 | 0 | if (gquic_info->version == 50) { |
1893 | 0 | message_tag = tvb_get_ntohl(tvb, offset); |
1894 | 0 | ti = proto_tree_add_item_ret_string(ft_tree, hf_gquic_tag, tvb, offset, 4, ENC_ASCII|ENC_NA, pinfo->pool, &message_tag_str); |
1895 | 0 | proto_item_append_text(ti, " (%s)", val_to_str_const(message_tag, message_tag_vals, "Unknown Tag")); |
1896 | 0 | col_set_str(pinfo->cinfo, COL_INFO, val_to_str_const(message_tag, message_tag_vals, "Unknown")); |
1897 | 0 | offset += 4; |
1898 | |
|
1899 | 0 | offset = dissect_gquic_tags(tvb, pinfo, ft_tree, offset); |
1900 | 0 | } else { /* T050 and T051 */ |
1901 | 0 | tvbuff_t *next_tvb = tvb_new_subset_length(tvb, offset, (int)crypto_length); |
1902 | 0 | col_set_writable(pinfo->cinfo, -1, false); |
1903 | 0 | call_dissector_with_data(tls13_handshake_handle, next_tvb, pinfo, ft_tree, GUINT_TO_POINTER((unsigned)crypto_offset)); |
1904 | 0 | col_set_writable(pinfo->cinfo, -1, true); |
1905 | 0 | offset += (uint32_t)crypto_length; |
1906 | 0 | } |
1907 | |
|
1908 | 0 | } else if(frame_type & FTFLAGS_STREAM){ /* Stream Flags */ |
1909 | 0 | proto_tree_add_item(ftflags_tree, hf_gquic_frame_type_stream_f, tvb, offset, 1, ENC_NA); |
1910 | 0 | proto_tree_add_item(ftflags_tree, hf_gquic_frame_type_stream_d, tvb, offset, 1, ENC_NA); |
1911 | 0 | if(frame_type & FTFLAGS_STREAM_D){ |
1912 | 0 | len_data = 2; |
1913 | 0 | } |
1914 | 0 | proto_tree_add_item(ftflags_tree, hf_gquic_frame_type_stream_ooo, tvb, offset, 1, ENC_NA); |
1915 | |
|
1916 | 0 | len_offset = get_len_offset(frame_type); |
1917 | |
|
1918 | 0 | proto_tree_add_item(ftflags_tree, hf_gquic_frame_type_stream_ss, tvb, offset, 1, ENC_NA); |
1919 | 0 | len_stream = get_len_stream(frame_type); |
1920 | 0 | offset += 1; |
1921 | |
|
1922 | 0 | ti_stream = proto_tree_add_item_ret_uint(ft_tree, hf_gquic_stream_id, tvb, offset, len_stream, gquic_info->encoding, &stream_id); |
1923 | 0 | offset += len_stream; |
1924 | |
|
1925 | 0 | proto_item_append_text(ti_ft, " Stream ID: %u", stream_id); |
1926 | |
|
1927 | 0 | if(len_offset) { |
1928 | 0 | proto_tree_add_item(ft_tree, hf_gquic_offset, tvb, offset, len_offset, gquic_info->encoding); |
1929 | 0 | offset += len_offset; |
1930 | 0 | } |
1931 | |
|
1932 | 0 | if(len_data) { |
1933 | 0 | proto_tree_add_item(ft_tree, hf_gquic_data_len, tvb, offset, len_data, gquic_info->encoding); |
1934 | 0 | offset += len_data; |
1935 | 0 | } |
1936 | | |
1937 | | /* Check if there is some reserved streams (Chapiter 6.1 of draft-shade-gquic-http2-mapping-00) */ |
1938 | |
|
1939 | 0 | switch(stream_id) { |
1940 | 0 | case 1: { /* Reserved (G)QUIC (handshake, crypto, config updates...) */ |
1941 | 0 | message_tag = tvb_get_ntohl(tvb, offset); |
1942 | 0 | ti = proto_tree_add_item_ret_string(ft_tree, hf_gquic_tag, tvb, offset, 4, ENC_ASCII|ENC_NA, pinfo->pool, &message_tag_str); |
1943 | |
|
1944 | 0 | proto_item_append_text(ti_stream, " (Reserved for (G)QUIC handshake, crypto, config updates...)"); |
1945 | 0 | proto_item_append_text(ti, " (%s)", val_to_str_const(message_tag, message_tag_vals, "Unknown Tag")); |
1946 | 0 | proto_item_append_text(ti_ft, ", Type: %s (%s)", message_tag_str, val_to_str_const(message_tag, message_tag_vals, "Unknown Tag")); |
1947 | 0 | col_set_str(pinfo->cinfo, COL_INFO, val_to_str_const(message_tag, message_tag_vals, "Unknown")); |
1948 | 0 | offset += 4; |
1949 | |
|
1950 | 0 | offset = dissect_gquic_tags(tvb, pinfo, ft_tree, offset); |
1951 | 0 | break; |
1952 | 0 | } |
1953 | 0 | case 3: { /* Reserved H2 HEADERS (or PUSH_PROMISE..) */ |
1954 | 0 | tvbuff_t* tvb_h2; |
1955 | |
|
1956 | 0 | proto_item_append_text(ti_stream, " (Reserved for H2 HEADERS)"); |
1957 | | |
1958 | | /* XXX - Set COL_PROTOCOL to "HTTP2"? */ |
1959 | 0 | col_set_str(pinfo->cinfo, COL_INFO, "H2"); |
1960 | |
|
1961 | 0 | tvb_h2 = tvb_new_subset_remaining(tvb, offset); |
1962 | |
|
1963 | 0 | offset += dissect_http2_pdu(tvb_h2, pinfo, ft_tree, NULL); |
1964 | 0 | } |
1965 | 0 | break; |
1966 | 0 | default: { /* Data... */ |
1967 | 0 | int data_len = tvb_reported_length_remaining(tvb, offset); |
1968 | |
|
1969 | 0 | col_set_str(pinfo->cinfo, COL_INFO, "DATA"); |
1970 | |
|
1971 | 0 | proto_tree_add_item(ft_tree, hf_gquic_stream_data, tvb, offset, data_len, ENC_NA); |
1972 | 0 | offset += data_len; |
1973 | 0 | } |
1974 | 0 | break; |
1975 | 0 | } |
1976 | 0 | } else if (frame_type & FTFLAGS_ACK) { /* ACK Flags */ |
1977 | |
|
1978 | 0 | proto_tree_add_item(ftflags_tree, hf_gquic_frame_type_ack, tvb, offset, 1, ENC_NA); |
1979 | |
|
1980 | 0 | proto_tree_add_item(ftflags_tree, hf_gquic_frame_type_ack_n, tvb, offset, 1, ENC_NA); |
1981 | |
|
1982 | 0 | if(gquic_info->version_valid && gquic_info->version < 34){ /* No longer NACK after Q034 */ |
1983 | 0 | proto_tree_add_item(ftflags_tree, hf_gquic_frame_type_ack_t, tvb, offset, 1, ENC_NA); |
1984 | 0 | } else { |
1985 | 0 | proto_tree_add_item(ftflags_tree, hf_gquic_frame_type_ack_u, tvb, offset, 1, ENC_NA); |
1986 | 0 | } |
1987 | 0 | proto_tree_add_item(ftflags_tree, hf_gquic_frame_type_ack_ll, tvb, offset, 1, ENC_NA); |
1988 | |
|
1989 | 0 | len_largest_observed = get_len_largest_observed(frame_type); |
1990 | |
|
1991 | 0 | proto_tree_add_item(ftflags_tree, hf_gquic_frame_type_ack_mm, tvb, offset, 1, ENC_NA); |
1992 | 0 | len_missing_packet = get_len_missing_packet(frame_type); |
1993 | 0 | offset += 1; |
1994 | |
|
1995 | 0 | if(gquic_info->version_valid && gquic_info->version < 34){ /* Big change after Q034 */ |
1996 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_received_entropy, tvb, offset, 1, ENC_NA); |
1997 | 0 | offset += 1; |
1998 | |
|
1999 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_largest_observed, tvb, offset, len_largest_observed, gquic_info->encoding); |
2000 | 0 | offset += len_largest_observed; |
2001 | |
|
2002 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_ack_delay_time, tvb, offset, 2, gquic_info->encoding); |
2003 | 0 | offset += 2; |
2004 | |
|
2005 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_num_timestamp, tvb, offset, 1, ENC_NA); |
2006 | 0 | num_timestamp = tvb_get_uint8(tvb, offset); |
2007 | 0 | offset += 1; |
2008 | |
|
2009 | 0 | if(num_timestamp){ |
2010 | | |
2011 | | /* Delta Largest Observed */ |
2012 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_delta_largest_observed, tvb, offset, 1, ENC_NA); |
2013 | 0 | offset += 1; |
2014 | | |
2015 | | /* First Timestamp */ |
2016 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_first_timestamp, tvb, offset, 4, gquic_info->encoding); |
2017 | 0 | offset += 4; |
2018 | |
|
2019 | 0 | num_timestamp -= 1; |
2020 | | /* Num Timestamp (-1) x (Delta Largest Observed + Time Since Previous Timestamp) */ |
2021 | 0 | while(num_timestamp){ |
2022 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_delta_largest_observed, tvb, offset, 1, ENC_NA); |
2023 | 0 | offset += 1; |
2024 | |
|
2025 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_time_since_previous_timestamp, tvb, offset, 2, gquic_info->encoding); |
2026 | 0 | offset += 2; |
2027 | |
|
2028 | 0 | num_timestamp--; |
2029 | 0 | } |
2030 | 0 | } |
2031 | |
|
2032 | 0 | if(frame_type & FTFLAGS_ACK_N){ |
2033 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_num_ranges, tvb, offset, 1, ENC_NA); |
2034 | 0 | num_ranges = tvb_get_uint8(tvb, offset); |
2035 | 0 | offset += 1; |
2036 | 0 | while(num_ranges){ |
2037 | |
|
2038 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_missing_packet, tvb, offset, len_missing_packet, gquic_info->encoding); |
2039 | 0 | offset += len_missing_packet; |
2040 | |
|
2041 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_range_length, tvb, offset, 1, ENC_NA); |
2042 | 0 | offset += 1; |
2043 | 0 | num_ranges--; |
2044 | 0 | } |
2045 | |
|
2046 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_num_revived, tvb, offset, 1, ENC_NA); |
2047 | 0 | num_revived = tvb_get_uint8(tvb, offset); |
2048 | 0 | offset += 1; |
2049 | 0 | while(num_revived){ |
2050 | |
|
2051 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_revived_packet, tvb, offset, len_largest_observed, gquic_info->encoding); |
2052 | 0 | offset += len_largest_observed; |
2053 | 0 | num_revived--; |
2054 | |
|
2055 | 0 | } |
2056 | |
|
2057 | 0 | } |
2058 | |
|
2059 | 0 | } else { |
2060 | | |
2061 | | /* Largest Acked */ |
2062 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_largest_acked, tvb, offset, len_largest_observed, gquic_info->encoding); |
2063 | 0 | offset += len_largest_observed; |
2064 | | |
2065 | | /* Largest Acked Delta Time*/ |
2066 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_largest_acked_delta_time, tvb, offset, 2, gquic_info->encoding); |
2067 | 0 | offset += 2; |
2068 | | |
2069 | | /* Ack Block */ |
2070 | 0 | if(frame_type & FTFLAGS_ACK_N){ |
2071 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_num_blocks, tvb, offset, 1, ENC_NA); |
2072 | 0 | num_blocks = tvb_get_uint8(tvb, offset); |
2073 | 0 | offset += 1; |
2074 | 0 | } |
2075 | | |
2076 | | /* First Ack Block Length */ |
2077 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_first_ack_block_length, tvb, offset, len_missing_packet, gquic_info->encoding); |
2078 | 0 | offset += len_missing_packet; |
2079 | |
|
2080 | 0 | while(num_blocks){ |
2081 | | /* Gap to next block */ |
2082 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_gap_to_next_block, tvb, offset, 1, ENC_NA); |
2083 | 0 | offset += 1; |
2084 | | |
2085 | | /* Ack Block Length */ |
2086 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_ack_block_length, tvb, offset, len_missing_packet, gquic_info->encoding); |
2087 | 0 | offset += len_missing_packet; |
2088 | |
|
2089 | 0 | num_blocks--; |
2090 | 0 | } |
2091 | | |
2092 | | /* Timestamp */ |
2093 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_num_timestamp, tvb, offset, 1, ENC_NA); |
2094 | 0 | num_timestamp = tvb_get_uint8(tvb, offset); |
2095 | 0 | offset += 1; |
2096 | |
|
2097 | 0 | if(num_timestamp){ |
2098 | | |
2099 | | /* Delta Largest Acked */ |
2100 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_delta_largest_acked, tvb, offset, 1, ENC_NA); |
2101 | 0 | offset += 1; |
2102 | | |
2103 | | /* Time Since Largest Acked */ |
2104 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_time_since_largest_acked, tvb, offset, 4, gquic_info->encoding); |
2105 | 0 | offset += 4; |
2106 | |
|
2107 | 0 | num_timestamp -= 1; |
2108 | | /* Num Timestamp x (Delta Largest Acked + Time Since Previous Timestamp) */ |
2109 | 0 | while(num_timestamp){ |
2110 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_delta_largest_acked, tvb, offset, 1, ENC_NA); |
2111 | 0 | offset += 1; |
2112 | |
|
2113 | 0 | proto_tree_add_item(ft_tree, hf_gquic_frame_type_ack_time_since_previous_timestamp, tvb, offset, 2, gquic_info->encoding); |
2114 | 0 | offset += 2; |
2115 | |
|
2116 | 0 | num_timestamp--; |
2117 | 0 | } |
2118 | 0 | } |
2119 | |
|
2120 | 0 | } |
2121 | |
|
2122 | 0 | } else { /* Other ...*/ |
2123 | 0 | offset += 1; |
2124 | 0 | } |
2125 | 0 | } |
2126 | 0 | return offset; |
2127 | |
|
2128 | 0 | } |
2129 | | |
2130 | | static int |
2131 | 0 | dissect_gquic_unencrypt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, unsigned offset, uint8_t len_pkn, gquic_info_data_t *gquic_info){ |
2132 | 0 | proto_item *ti_prflags; |
2133 | 0 | proto_tree *prflags_tree; |
2134 | | |
2135 | | /* Message Authentication Hash */ |
2136 | 0 | proto_tree_add_item(gquic_tree, hf_gquic_message_authentication_hash, tvb, offset, 12, ENC_NA); |
2137 | 0 | offset += 12; |
2138 | |
|
2139 | 0 | if(gquic_info->version_valid && gquic_info->version < 34){ /* No longer Private Flags after Q034 */ |
2140 | | /* Private Flags */ |
2141 | 0 | ti_prflags = proto_tree_add_item(gquic_tree, hf_gquic_prflags, tvb, offset, 1, ENC_NA); |
2142 | 0 | prflags_tree = proto_item_add_subtree(ti_prflags, ett_gquic_prflags); |
2143 | 0 | proto_tree_add_item(prflags_tree, hf_gquic_prflags_entropy, tvb, offset, 1, ENC_NA); |
2144 | 0 | proto_tree_add_item(prflags_tree, hf_gquic_prflags_fecg, tvb, offset, 1, ENC_NA); |
2145 | 0 | proto_tree_add_item(prflags_tree, hf_gquic_prflags_fec, tvb, offset, 1, ENC_NA); |
2146 | 0 | proto_tree_add_item(prflags_tree, hf_gquic_prflags_rsv, tvb, offset, 1, ENC_NA); |
2147 | 0 | offset += 1; |
2148 | 0 | } |
2149 | |
|
2150 | 0 | while(tvb_reported_length_remaining(tvb, offset) > 0){ |
2151 | 0 | offset = dissect_gquic_frame_type(tvb, pinfo, gquic_tree, offset, len_pkn, gquic_info); |
2152 | 0 | } |
2153 | |
|
2154 | 0 | return offset; |
2155 | |
|
2156 | 0 | } |
2157 | | |
2158 | | static int |
2159 | | dissect_gquic_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, |
2160 | | void *data _U_) |
2161 | 0 | { |
2162 | 0 | proto_item *ti, *ti_puflags; /*, *expert_ti*/ |
2163 | 0 | proto_tree *gquic_tree, *puflags_tree; |
2164 | 0 | unsigned offset = 0; |
2165 | 0 | uint8_t puflags, len_cid = 0, len_pkn; |
2166 | 0 | uint64_t cid = 0, pkn; |
2167 | 0 | conversation_t *conv; |
2168 | 0 | gquic_info_data_t *gquic_info; |
2169 | |
|
2170 | 0 | if (tvb_captured_length(tvb) < GQUIC_MIN_LENGTH) |
2171 | 0 | return 0; |
2172 | | |
2173 | | |
2174 | | /* get conversation, create if necessary*/ |
2175 | 0 | conv = find_or_create_conversation(pinfo); |
2176 | | |
2177 | | /* get associated state information, create if necessary */ |
2178 | 0 | gquic_info = (gquic_info_data_t *)conversation_get_proto_data(conv, proto_gquic); |
2179 | |
|
2180 | 0 | if (!gquic_info) { |
2181 | 0 | gquic_info = wmem_new(wmem_file_scope(), gquic_info_data_t); |
2182 | 0 | gquic_info->version = 0; |
2183 | 0 | gquic_info->encoding = ENC_LITTLE_ENDIAN; |
2184 | 0 | gquic_info->version_valid = true; |
2185 | 0 | gquic_info->server_port = 443; |
2186 | 0 | conversation_add_proto_data(conv, proto_gquic, gquic_info); |
2187 | 0 | } |
2188 | |
|
2189 | 0 | col_set_str(pinfo->cinfo, COL_PROTOCOL, "GQUIC"); |
2190 | |
|
2191 | 0 | ti = proto_tree_add_item(tree, proto_gquic, tvb, 0, -1, ENC_NA); |
2192 | 0 | gquic_tree = proto_item_add_subtree(ti, ett_gquic); |
2193 | | |
2194 | | /* Public Flags */ |
2195 | 0 | puflags = tvb_get_uint8(tvb, offset); |
2196 | | |
2197 | | /* Get len of CID */ |
2198 | 0 | if(puflags & PUFLAGS_CID){ |
2199 | 0 | len_cid = 8; |
2200 | 0 | } |
2201 | | /* check and get (and store) version */ |
2202 | 0 | if(puflags & PUFLAGS_VRSN){ |
2203 | 0 | gquic_info->version_valid = ws_strtou8((char*)tvb_get_string_enc(pinfo->pool, tvb, |
2204 | 0 | offset + 1 + len_cid + 1, 3, ENC_ASCII), NULL, &gquic_info->version); |
2205 | 0 | if (!gquic_info->version_valid) |
2206 | 0 | expert_add_info(pinfo, gquic_tree, &ei_gquic_version_invalid); |
2207 | 0 | } |
2208 | |
|
2209 | 0 | if(gquic_info->version >= 39){ /* After Q039, Integers and floating numbers are written in big endian*/ |
2210 | 0 | gquic_info->encoding = ENC_BIG_ENDIAN; |
2211 | 0 | } |
2212 | 0 | ti_puflags = proto_tree_add_item(gquic_tree, hf_gquic_puflags, tvb, offset, 1, ENC_NA); |
2213 | 0 | puflags_tree = proto_item_add_subtree(ti_puflags, ett_gquic_puflags); |
2214 | 0 | proto_tree_add_item(puflags_tree, hf_gquic_puflags_vrsn, tvb, offset, 1, ENC_NA); |
2215 | 0 | proto_tree_add_item(puflags_tree, hf_gquic_puflags_rst, tvb, offset, 1, ENC_NA); |
2216 | 0 | if (gquic_info->version_valid) { |
2217 | 0 | if(gquic_info->version < 33){ |
2218 | 0 | proto_tree_add_item(puflags_tree, hf_gquic_puflags_cid_old, tvb, offset, 1, ENC_NA); |
2219 | 0 | } else { |
2220 | 0 | proto_tree_add_item(puflags_tree, hf_gquic_puflags_dnonce, tvb, offset, 1, ENC_NA); |
2221 | 0 | proto_tree_add_item(puflags_tree, hf_gquic_puflags_cid, tvb, offset, 1, ENC_NA); |
2222 | 0 | } |
2223 | 0 | } |
2224 | 0 | proto_tree_add_item(puflags_tree, hf_gquic_puflags_pkn, tvb, offset, 1, ENC_NA); |
2225 | 0 | proto_tree_add_item(puflags_tree, hf_gquic_puflags_mpth, tvb, offset, 1, ENC_NA); |
2226 | 0 | proto_tree_add_item(puflags_tree, hf_gquic_puflags_rsv, tvb, offset, 1, ENC_NA); |
2227 | 0 | offset += 1; |
2228 | | |
2229 | | /* CID */ |
2230 | 0 | if (len_cid) { |
2231 | 0 | cid = tvb_get_uint64(tvb, offset, gquic_info->encoding); |
2232 | 0 | proto_tree_add_item(gquic_tree, hf_gquic_cid, tvb, offset, len_cid, gquic_info->encoding); |
2233 | 0 | offset += len_cid; |
2234 | 0 | } |
2235 | | |
2236 | | /* Version */ |
2237 | 0 | if(puflags & PUFLAGS_VRSN){ |
2238 | 0 | if(pinfo->srcport == gquic_info->server_port){ /* Version Negotiation Packet */ |
2239 | 0 | while(tvb_reported_length_remaining(tvb, offset) > 0){ |
2240 | 0 | proto_tree_add_item(gquic_tree, hf_gquic_version, tvb, offset, 4, ENC_ASCII); |
2241 | 0 | offset += 4; |
2242 | 0 | } |
2243 | 0 | col_add_fstr(pinfo->cinfo, COL_INFO, "Version Negotiation, CID: %" PRIu64, cid); |
2244 | 0 | return offset; |
2245 | 0 | } |
2246 | 0 | else{ |
2247 | 0 | proto_tree_add_item(gquic_tree, hf_gquic_version, tvb, offset, 4, ENC_ASCII); |
2248 | 0 | offset += 4; |
2249 | 0 | } |
2250 | 0 | } |
2251 | | |
2252 | | /* Public Reset Packet */ |
2253 | 0 | if(puflags & PUFLAGS_RST){ |
2254 | 0 | uint32_t tag_number, message_tag; |
2255 | |
|
2256 | 0 | ti = proto_tree_add_item(gquic_tree, hf_gquic_tag, tvb, offset, 4, ENC_ASCII); |
2257 | 0 | message_tag = tvb_get_ntohl(tvb, offset); |
2258 | 0 | proto_item_append_text(ti, " (%s)", val_to_str_const(message_tag, message_tag_vals, "Unknown Tag")); |
2259 | 0 | offset += 4; |
2260 | |
|
2261 | 0 | proto_tree_add_item(gquic_tree, hf_gquic_tag_number, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
2262 | 0 | tag_number = tvb_get_uint16(tvb, offset, ENC_LITTLE_ENDIAN); |
2263 | 0 | offset += 2; |
2264 | |
|
2265 | 0 | proto_tree_add_item(gquic_tree, hf_gquic_padding, tvb, offset, 2, ENC_NA); |
2266 | 0 | offset += 2; |
2267 | |
|
2268 | 0 | offset = dissect_gquic_tag(tvb, pinfo, gquic_tree, offset, tag_number); |
2269 | |
|
2270 | 0 | col_add_fstr(pinfo->cinfo, COL_INFO, "Public Reset, CID: %" PRIu64, cid); |
2271 | |
|
2272 | 0 | return offset; |
2273 | 0 | } |
2274 | | |
2275 | | /* Diversification Nonce */ |
2276 | 0 | if(gquic_info->version_valid && (puflags & PUFLAGS_DNONCE) && (gquic_info->version >= 33)){ |
2277 | 0 | if(pinfo->srcport == gquic_info->server_port){ /* Diversification nonce is only present from server to client */ |
2278 | 0 | proto_tree_add_item(gquic_tree, hf_gquic_diversification_nonce, tvb, offset, 32, ENC_NA); |
2279 | 0 | offset += 32; |
2280 | 0 | } |
2281 | 0 | } |
2282 | | |
2283 | | /* Packet Number */ |
2284 | | |
2285 | | /* Get len of packet number */ |
2286 | 0 | len_pkn = get_len_packet_number(puflags); |
2287 | 0 | proto_tree_add_item_ret_uint64(gquic_tree, hf_gquic_packet_number, tvb, offset, len_pkn, gquic_info->encoding, &pkn); |
2288 | 0 | offset += len_pkn; |
2289 | | |
2290 | | /* Unencrypt Message (Handshake or Connection Close...) */ |
2291 | 0 | if (is_gquic_unencrypt(tvb, pinfo, offset, len_pkn, gquic_info) || g_gquic_debug){ |
2292 | 0 | offset = dissect_gquic_unencrypt(tvb, pinfo, gquic_tree, offset, len_pkn, gquic_info); |
2293 | 0 | }else { /* Payload... (encrypted... TODO FIX !) */ |
2294 | 0 | col_set_str(pinfo->cinfo, COL_INFO, "Payload (Encrypted)"); |
2295 | 0 | proto_tree_add_item(gquic_tree, hf_gquic_payload, tvb, offset, -1, ENC_NA); |
2296 | |
|
2297 | 0 | } |
2298 | |
|
2299 | 0 | col_append_fstr(pinfo->cinfo, COL_INFO, ", PKN: %" PRIu64, pkn); |
2300 | |
|
2301 | 0 | if(cid){ |
2302 | 0 | col_append_fstr(pinfo->cinfo, COL_INFO, ", CID: %" PRIu64, cid); |
2303 | 0 | } |
2304 | | |
2305 | |
|
2306 | 0 | return offset; |
2307 | 0 | } |
2308 | | |
2309 | | static int |
2310 | | dissect_gquic_q046(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, |
2311 | | void *data _U_) |
2312 | 0 | { |
2313 | 0 | proto_item *ti, *ti_firstbyte; /*, *expert_ti*/ |
2314 | 0 | proto_tree *gquic_tree, *firstbyte_tree; |
2315 | 0 | unsigned offset = 0; |
2316 | 0 | uint8_t first_byte, len_cid, cil, len_pkn; |
2317 | 0 | uint64_t cid = 0, pkn = 0; |
2318 | 0 | conversation_t *conv; |
2319 | 0 | gquic_info_data_t *gquic_info; |
2320 | | |
2321 | | /* get conversation, create if necessary*/ |
2322 | 0 | conv = find_or_create_conversation(pinfo); |
2323 | | |
2324 | | /* get associated state information, create if necessary */ |
2325 | 0 | gquic_info = (gquic_info_data_t *)conversation_get_proto_data(conv, proto_gquic); |
2326 | |
|
2327 | 0 | if (!gquic_info) { |
2328 | 0 | gquic_info = wmem_new(wmem_file_scope(), gquic_info_data_t); |
2329 | 0 | gquic_info->version = 0; |
2330 | 0 | gquic_info->encoding = ENC_BIG_ENDIAN; |
2331 | 0 | gquic_info->version_valid = true; |
2332 | 0 | gquic_info->server_port = 443; |
2333 | 0 | conversation_add_proto_data(conv, proto_gquic, gquic_info); |
2334 | 0 | } |
2335 | |
|
2336 | 0 | col_set_str(pinfo->cinfo, COL_PROTOCOL, "GQUIC"); |
2337 | |
|
2338 | 0 | ti = proto_tree_add_item(tree, proto_gquic, tvb, 0, -1, ENC_NA); |
2339 | 0 | gquic_tree = proto_item_add_subtree(ti, ett_gquic); |
2340 | | |
2341 | | /* First byte */ |
2342 | 0 | first_byte = tvb_get_uint8(tvb, offset); |
2343 | 0 | len_pkn = (first_byte & 0x03) + 1; |
2344 | |
|
2345 | 0 | ti_firstbyte = proto_tree_add_item(gquic_tree, hf_gquic_puflags, tvb, offset, 1, ENC_NA); |
2346 | 0 | firstbyte_tree = proto_item_add_subtree(ti_firstbyte, ett_gquic_puflags); |
2347 | 0 | proto_tree_add_item(firstbyte_tree, hf_gquic_header_form, tvb, offset, 1, ENC_NA); |
2348 | 0 | proto_tree_add_item(firstbyte_tree, hf_gquic_fixed_bit, tvb, offset, 1, ENC_NA); |
2349 | |
|
2350 | 0 | if((first_byte & PUFLAGS_MPTH) && (first_byte & PUFLAGS_RSV)) { |
2351 | | /* Long Header. We handle only Q046 */ |
2352 | |
|
2353 | 0 | gquic_info->version_valid = ws_strtou8((char*)tvb_get_string_enc(pinfo->pool, tvb, |
2354 | 0 | offset + 2, 3, ENC_ASCII), NULL, &gquic_info->version); |
2355 | 0 | if (!gquic_info->version_valid) { |
2356 | 0 | expert_add_info(pinfo, gquic_tree, &ei_gquic_version_invalid); |
2357 | 0 | } |
2358 | |
|
2359 | 0 | cil = tvb_get_uint8(tvb, offset + 5); |
2360 | 0 | if(pinfo->srcport == gquic_info->server_port) { /* Server to client */ |
2361 | 0 | len_cid = (cil & 0x0F) + 3; |
2362 | 0 | } else { |
2363 | 0 | len_cid = ((cil & 0xF0) >> 4) + 3; |
2364 | 0 | } |
2365 | 0 | if (len_cid != 8) { |
2366 | 0 | expert_add_info(pinfo, gquic_tree, &ei_gquic_invalid_parameter); |
2367 | 0 | } |
2368 | |
|
2369 | 0 | proto_tree_add_item(firstbyte_tree, hf_gquic_long_packet_type, tvb, offset, 1, ENC_NA); |
2370 | 0 | proto_tree_add_item(firstbyte_tree, hf_gquic_long_reserved, tvb, offset, 1, ENC_NA); |
2371 | 0 | proto_tree_add_item(firstbyte_tree, hf_gquic_packet_number_length, tvb, offset, 1, ENC_NA); |
2372 | 0 | offset += 1; |
2373 | |
|
2374 | 0 | proto_tree_add_item(gquic_tree, hf_gquic_version, tvb, offset, 4, ENC_ASCII); |
2375 | 0 | offset += 4; |
2376 | |
|
2377 | 0 | proto_tree_add_item(gquic_tree, hf_gquic_dcil, tvb, offset, 1, ENC_NA); |
2378 | 0 | proto_tree_add_item(gquic_tree, hf_gquic_scil, tvb, offset, 1, ENC_NA); |
2379 | 0 | offset += 1; |
2380 | | |
2381 | | /* CID */ |
2382 | 0 | if (len_cid > 0) { |
2383 | 0 | cid = tvb_get_uint64(tvb, offset, gquic_info->encoding); |
2384 | 0 | proto_tree_add_item(gquic_tree, hf_gquic_cid, tvb, offset, len_cid, gquic_info->encoding); |
2385 | 0 | } |
2386 | 0 | offset += len_cid; |
2387 | |
|
2388 | 0 | } else { |
2389 | | /* Short Header. We handle only Q046 */ |
2390 | |
|
2391 | 0 | proto_tree_add_uint(firstbyte_tree, hf_gquic_packet_number_length, tvb, offset, 1, first_byte); |
2392 | |
|
2393 | 0 | offset += 1; |
2394 | |
|
2395 | 0 | if(pinfo->srcport == gquic_info->server_port) { /* Server to client */ |
2396 | 0 | len_cid = 0; |
2397 | 0 | } else { |
2398 | 0 | len_cid = 8; |
2399 | 0 | cid = tvb_get_uint64(tvb, offset, gquic_info->encoding); |
2400 | 0 | proto_tree_add_item(gquic_tree, hf_gquic_cid, tvb, offset, len_cid, gquic_info->encoding); |
2401 | 0 | } |
2402 | 0 | offset += len_cid; |
2403 | 0 | } |
2404 | | |
2405 | | /* Packet Number */ |
2406 | 0 | proto_tree_add_item_ret_uint64(gquic_tree, hf_gquic_packet_number, tvb, offset, len_pkn, gquic_info->encoding, &pkn); |
2407 | 0 | offset += len_pkn; |
2408 | | |
2409 | | /* Unencrypt Message (Handshake or Connection Close...) */ |
2410 | 0 | if (is_gquic_unencrypt(tvb, pinfo, offset, len_pkn, gquic_info) || g_gquic_debug){ |
2411 | 0 | offset = dissect_gquic_unencrypt(tvb, pinfo, gquic_tree, offset, len_pkn, gquic_info); |
2412 | 0 | }else { /* Payload... (encrypted... TODO FIX !) */ |
2413 | 0 | col_set_str(pinfo->cinfo, COL_INFO, "Payload (Encrypted)"); |
2414 | 0 | proto_tree_add_item(gquic_tree, hf_gquic_payload, tvb, offset, -1, ENC_NA); |
2415 | |
|
2416 | 0 | } |
2417 | |
|
2418 | 0 | col_append_fstr(pinfo->cinfo, COL_INFO, ", PKN: %" PRIu64, pkn); |
2419 | |
|
2420 | 0 | if(cid){ |
2421 | 0 | col_append_fstr(pinfo->cinfo, COL_INFO, ", CID: %" PRIu64, cid); |
2422 | 0 | } |
2423 | |
|
2424 | 0 | return offset; |
2425 | 0 | } |
2426 | | |
2427 | | static int |
2428 | | dissect_gquic(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, |
2429 | | void *data _U_) |
2430 | 0 | { |
2431 | 0 | uint8_t flags; |
2432 | |
|
2433 | 0 | flags = tvb_get_uint8(tvb, 0); |
2434 | 0 | if((flags & PUFLAGS_RSV) == 0 && (flags & PUFLAGS_MPTH) == 0) |
2435 | 0 | return dissect_gquic_common(tvb, pinfo, tree, NULL); |
2436 | 0 | return dissect_gquic_q046(tvb, pinfo, tree, NULL); |
2437 | 0 | } |
2438 | | |
2439 | | static bool dissect_gquic_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) |
2440 | 1.34k | { |
2441 | | |
2442 | 1.34k | conversation_t *conversation = NULL; |
2443 | 1.34k | int offset = 0; |
2444 | 1.34k | uint8_t flags; |
2445 | 1.34k | uint32_t version; |
2446 | | |
2447 | 1.34k | if (tvb_captured_length(tvb) < 1) { |
2448 | 0 | return false; |
2449 | 0 | } |
2450 | 1.34k | flags = tvb_get_uint8(tvb, offset); |
2451 | 1.34k | offset += 1; |
2452 | | |
2453 | 1.34k | if((flags & PUFLAGS_RSV) == 0 && (flags & PUFLAGS_MPTH) == 0) { |
2454 | | /* It may be <= Q043 */ |
2455 | | |
2456 | | /* Verify packet size (Flag (1 byte) + Connection ID (8 bytes) + Version (4 bytes)) */ |
2457 | 622 | if (tvb_captured_length(tvb) < 13) { |
2458 | 217 | return false; |
2459 | 217 | } |
2460 | | |
2461 | | /* Check if flags version is set */ |
2462 | 405 | if((flags & PUFLAGS_VRSN) == 0) { |
2463 | 238 | return false; |
2464 | 238 | } |
2465 | | |
2466 | | /* Connection ID is always set to "long" (8bytes) too */ |
2467 | 167 | if((flags & PUFLAGS_CID) == 0){ |
2468 | 79 | return false; |
2469 | 79 | } |
2470 | 88 | offset += 8; |
2471 | | |
2472 | | /* Check if version start with Q02... (0x51 0x30 0x32), Q03... (0x51 0x30 0x33) or Q04... (0x51 0x30 0x34) */ |
2473 | 88 | version = tvb_get_ntoh24(tvb, offset); |
2474 | 88 | if ( version == GQUIC_MAGIC2 || version == GQUIC_MAGIC3 || version == GQUIC_MAGIC4) { |
2475 | 0 | conversation = find_or_create_conversation(pinfo); |
2476 | 0 | conversation_set_dissector(conversation, gquic_handle); |
2477 | 0 | dissect_gquic(tvb, pinfo, tree, data); |
2478 | 0 | return true; |
2479 | 0 | } |
2480 | 720 | } else if((flags & PUFLAGS_MPTH) && (flags & PUFLAGS_RSV)) { |
2481 | | /* It may be > Q043, Long Header. We handle only Q046 */ |
2482 | | |
2483 | | /* Verify packet size (Flag (1 byte) + Version (4) + DCIL/SCIL (1) + Dest Connection ID (8 bytes)) */ |
2484 | 263 | if (tvb_captured_length(tvb) < 14) { |
2485 | 126 | return false; |
2486 | 126 | } |
2487 | | |
2488 | 137 | version = tvb_get_ntohl(tvb, offset); |
2489 | 137 | if (version != GQUIC_VERSION_Q046) { |
2490 | 137 | return false; |
2491 | 137 | } |
2492 | | |
2493 | 0 | conversation = find_or_create_conversation(pinfo); |
2494 | 0 | conversation_set_dissector(conversation, gquic_handle); |
2495 | 0 | dissect_gquic(tvb, pinfo, tree, data); |
2496 | 0 | return true; |
2497 | 137 | } |
2498 | | |
2499 | 545 | return false; |
2500 | 1.34k | } |
2501 | | |
2502 | | void |
2503 | | proto_register_gquic(void) |
2504 | 14 | { |
2505 | 14 | module_t *gquic_module; |
2506 | | |
2507 | 14 | static hf_register_info hf[] = { |
2508 | | /* Long/Short header for Q046 */ |
2509 | 14 | { &hf_gquic_header_form, |
2510 | 14 | { "Header Form", "gquic.header_form", |
2511 | 14 | FT_UINT8, BASE_DEC, VALS(gquic_short_long_header_vals), 0x80, |
2512 | 14 | "The most significant bit (0x80) of the first octet is set to 1 for long headers and 0 for short headers.", HFILL } |
2513 | 14 | }, |
2514 | 14 | { &hf_gquic_fixed_bit, |
2515 | 14 | { "Fixed Bit", "gquic.fixed_bit", |
2516 | 14 | FT_BOOLEAN, 8, NULL, 0x40, |
2517 | 14 | "Must be 1", HFILL } |
2518 | 14 | }, |
2519 | 14 | { &hf_gquic_long_packet_type, |
2520 | 14 | { "Packet Type", "gquic.long.packet_type", |
2521 | 14 | FT_UINT8, BASE_DEC, VALS(gquic_long_packet_type_vals), 0x30, |
2522 | 14 | "Long Header Packet Type", HFILL } |
2523 | 14 | }, |
2524 | 14 | { &hf_gquic_long_reserved, |
2525 | 14 | { "Reserved", "gquic.long.reserved", |
2526 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0c, |
2527 | 14 | "Reserved bits", HFILL } |
2528 | 14 | }, |
2529 | 14 | { &hf_gquic_packet_number_length, |
2530 | 14 | { "Packet Number Length", "gquic.packet_number_length", |
2531 | 14 | FT_UINT8, BASE_DEC, VALS(gquic_packet_number_lengths), 0x03, |
2532 | 14 | "Packet Number field length", HFILL } |
2533 | 14 | }, |
2534 | 14 | { &hf_gquic_dcil, |
2535 | 14 | { "Destination Connection ID Length", "gquic.dcil", |
2536 | 14 | FT_UINT8, BASE_DEC, VALS(quic_cid_lengths), 0xF0, |
2537 | 14 | NULL, HFILL } |
2538 | 14 | }, |
2539 | 14 | { &hf_gquic_scil, |
2540 | 14 | { "Source Connection ID Length", "gquic.scil", |
2541 | 14 | FT_UINT8, BASE_DEC, VALS(quic_cid_lengths), 0x0F, |
2542 | 14 | NULL, HFILL } |
2543 | 14 | }, |
2544 | | |
2545 | | /* Public header for < Q046 */ |
2546 | 14 | { &hf_gquic_puflags, |
2547 | 14 | { "Public Flags", "gquic.puflags", |
2548 | 14 | FT_UINT8, BASE_HEX, NULL, 0x0, |
2549 | 14 | "Specifying per-packet public flags", HFILL } |
2550 | 14 | }, |
2551 | 14 | { &hf_gquic_puflags_vrsn, |
2552 | 14 | { "Version", "gquic.puflags.version", |
2553 | 14 | FT_BOOLEAN, 8, TFS(&tfs_yes_no), PUFLAGS_VRSN, |
2554 | 14 | "Signifies that this packet also contains the version of the (Google)QUIC protocol", HFILL } |
2555 | 14 | }, |
2556 | 14 | { &hf_gquic_puflags_rst, |
2557 | 14 | { "Reset", "gquic.puflags.reset", |
2558 | 14 | FT_BOOLEAN, 8, TFS(&tfs_yes_no), PUFLAGS_RST, |
2559 | 14 | "Signifies that this packet is a public reset packet", HFILL } |
2560 | 14 | }, |
2561 | 14 | { &hf_gquic_puflags_dnonce, |
2562 | 14 | { "Diversification nonce", "gquic.puflags.nonce", |
2563 | 14 | FT_BOOLEAN, 8, TFS(&tfs_yes_no), PUFLAGS_DNONCE, |
2564 | 14 | "Indicates the presence of a 32 byte diversification nonce", HFILL } |
2565 | 14 | }, |
2566 | 14 | { &hf_gquic_puflags_cid, |
2567 | 14 | { "CID Length", "gquic.puflags.cid", |
2568 | 14 | FT_BOOLEAN, 8, TFS(&puflags_cid_tfs), PUFLAGS_CID, |
2569 | 14 | "Indicates the full 8 byte Connection ID is present", HFILL } |
2570 | 14 | }, |
2571 | 14 | { &hf_gquic_puflags_cid_old, |
2572 | 14 | { "CID Length", "gquic.puflags.cid.old", |
2573 | 14 | FT_UINT8, BASE_HEX, VALS(puflags_cid_old_vals), PUFLAGS_CID_OLD, |
2574 | 14 | "Signifies the Length of CID", HFILL } |
2575 | 14 | }, |
2576 | 14 | { &hf_gquic_puflags_pkn, |
2577 | 14 | { "Packet Number Length", "gquic.puflags.pkn", |
2578 | 14 | FT_UINT8, BASE_HEX, VALS(puflags_pkn_vals), PUFLAGS_PKN, |
2579 | 14 | "Signifies the Length of packet number", HFILL } |
2580 | 14 | }, |
2581 | 14 | { &hf_gquic_puflags_mpth, |
2582 | 14 | { "Multipath", "gquic.puflags.mpth", |
2583 | 14 | FT_BOOLEAN, 8, TFS(&tfs_yes_no), PUFLAGS_MPTH, |
2584 | 14 | "Reserved for multipath use", HFILL } |
2585 | 14 | }, |
2586 | 14 | { &hf_gquic_puflags_rsv, |
2587 | 14 | { "Reserved", "gquic.puflags.rsv", |
2588 | 14 | FT_UINT8, BASE_HEX, NULL, PUFLAGS_RSV, |
2589 | 14 | "Must be Zero", HFILL } |
2590 | 14 | }, |
2591 | 14 | { &hf_gquic_cid, |
2592 | 14 | { "CID", "gquic.cid", |
2593 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
2594 | 14 | "Connection ID 64 bit pseudo random number", HFILL } |
2595 | 14 | }, |
2596 | 14 | { &hf_gquic_version, |
2597 | 14 | { "Version", "gquic.version", |
2598 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
2599 | 14 | "32 bit opaque tag that represents the version of the (Google)QUIC", HFILL } |
2600 | 14 | }, |
2601 | 14 | { &hf_gquic_diversification_nonce, |
2602 | 14 | { "Diversification nonce", "gquic.diversification_nonce", |
2603 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
2604 | 14 | NULL, HFILL } |
2605 | 14 | }, |
2606 | 14 | { &hf_gquic_packet_number, |
2607 | 14 | { "Packet Number", "gquic.packet_number", |
2608 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
2609 | 14 | "The lower 8, 16, 32, or 48 bits of the packet number", HFILL } |
2610 | 14 | }, |
2611 | | |
2612 | 14 | { &hf_gquic_prflags, |
2613 | 14 | { "Private Flags", "gquic.prflags", |
2614 | 14 | FT_UINT8, BASE_HEX, NULL, 0x0, |
2615 | 14 | "Specifying per-packet Private flags", HFILL } |
2616 | 14 | }, |
2617 | | |
2618 | 14 | { &hf_gquic_prflags_entropy, |
2619 | 14 | { "Entropy", "gquic.prflags.entropy", |
2620 | 14 | FT_BOOLEAN, 8, TFS(&tfs_yes_no), PRFLAGS_ENTROPY, |
2621 | 14 | "For data packets, signifies that this packet contains the 1 bit of entropy, for fec packets, contains the xor of the entropy of protected packets", HFILL } |
2622 | 14 | }, |
2623 | 14 | { &hf_gquic_prflags_fecg, |
2624 | 14 | { "FEC Group", "gquic.prflags.fecg", |
2625 | 14 | FT_BOOLEAN, 8, TFS(&tfs_yes_no), PRFLAGS_FECG, |
2626 | 14 | "Indicates whether the fec byte is present.", HFILL } |
2627 | 14 | }, |
2628 | 14 | { &hf_gquic_prflags_fec, |
2629 | 14 | { "FEC", "gquic.prflags.fec", |
2630 | 14 | FT_BOOLEAN, 8, TFS(&tfs_yes_no), PRFLAGS_FEC, |
2631 | 14 | "Signifies that this packet represents an FEC packet", HFILL } |
2632 | 14 | }, |
2633 | 14 | { &hf_gquic_prflags_rsv, |
2634 | 14 | { "Reserved", "gquic.prflags.rsv", |
2635 | 14 | FT_UINT8, BASE_HEX, NULL, PRFLAGS_RSV, |
2636 | 14 | "Must be Zero", HFILL } |
2637 | 14 | }, |
2638 | | |
2639 | 14 | { &hf_gquic_message_authentication_hash, |
2640 | 14 | { "Message Authentication Hash", "gquic.message_authentication_hash", |
2641 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
2642 | 14 | "The hash is an FNV1a-128 hash, serialized in little endian order", HFILL } |
2643 | 14 | }, |
2644 | 14 | { &hf_gquic_frame, |
2645 | 14 | { "Frame", "gquic.frame", |
2646 | 14 | FT_NONE, BASE_NONE, NULL, 0x0, |
2647 | 14 | NULL, HFILL } |
2648 | 14 | }, |
2649 | 14 | { &hf_gquic_frame_type, |
2650 | 14 | { "Frame Type", "gquic.frame_type", |
2651 | 14 | FT_UINT8 ,BASE_RANGE_STRING | BASE_HEX, RVALS(frame_type_vals), 0x0, |
2652 | 14 | NULL, HFILL } |
2653 | 14 | }, |
2654 | 14 | { &hf_gquic_frame_type_padding_length, |
2655 | 14 | { "Padding Length", "gquic.frame_type.padding.length", |
2656 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
2657 | 14 | NULL, HFILL } |
2658 | 14 | }, |
2659 | 14 | { &hf_gquic_frame_type_padding, |
2660 | 14 | { "Padding", "gquic.frame_type.padding", |
2661 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
2662 | 14 | "Must be zero", HFILL } |
2663 | 14 | }, |
2664 | 14 | { &hf_gquic_frame_type_rsts_stream_id, |
2665 | 14 | { "Stream ID", "gquic.frame_type.rsts.stream_id", |
2666 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
2667 | 14 | "Stream ID of the stream being terminated", HFILL } |
2668 | 14 | }, |
2669 | 14 | { &hf_gquic_frame_type_rsts_byte_offset, |
2670 | 14 | { "Byte offset", "gquic.frame_type.rsts.byte_offset", |
2671 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
2672 | 14 | "Indicating the absolute byte offset of the end of data for this stream", HFILL } |
2673 | 14 | }, |
2674 | 14 | { &hf_gquic_frame_type_rsts_error_code, |
2675 | 14 | { "Error code", "gquic.frame_type.rsts.error_code", |
2676 | 14 | FT_UINT32, BASE_DEC|BASE_EXT_STRING, &rststream_error_code_vals_ext, 0x0, |
2677 | 14 | "Indicates why the stream is being closed", HFILL } |
2678 | 14 | }, |
2679 | 14 | { &hf_gquic_frame_type_cc_error_code, |
2680 | 14 | { "Error code", "gquic.frame_type.cc.error_code", |
2681 | 14 | FT_UINT32, BASE_DEC|BASE_EXT_STRING, &error_code_vals_ext, 0x0, |
2682 | 14 | "Indicates the reason for closing this connection", HFILL } |
2683 | 14 | }, |
2684 | 14 | { &hf_gquic_frame_type_cc_reason_phrase_length, |
2685 | 14 | { "Reason phrase Length", "gquic.frame_type.cc.reason_phrase.length", |
2686 | 14 | FT_UINT16, BASE_DEC, NULL, 0x0, |
2687 | 14 | "Specifying the length of the reason phrase", HFILL } |
2688 | 14 | }, |
2689 | 14 | { &hf_gquic_frame_type_cc_reason_phrase, |
2690 | 14 | { "Reason phrase", "gquic.frame_type.cc.reason_phrase", |
2691 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
2692 | 14 | "An optional human-readable explanation for why the connection was closed", HFILL } |
2693 | 14 | }, |
2694 | 14 | { &hf_gquic_frame_type_goaway_error_code, |
2695 | 14 | { "Error code", "gquic.frame_type.goaway.error_code", |
2696 | 14 | FT_UINT32, BASE_DEC|BASE_EXT_STRING, &error_code_vals_ext, 0x0, |
2697 | 14 | "Indicates the reason for closing this connection", HFILL } |
2698 | 14 | }, |
2699 | 14 | { &hf_gquic_frame_type_goaway_last_good_stream_id, |
2700 | 14 | { "Last Good Stream ID", "gquic.frame_type.goaway.last_good_stream_id", |
2701 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
2702 | 14 | "last Stream ID which was accepted by the sender of the GOAWAY message", HFILL } |
2703 | 14 | }, |
2704 | 14 | { &hf_gquic_frame_type_goaway_reason_phrase_length, |
2705 | 14 | { "Reason phrase Length", "gquic.frame_type.goaway.reason_phrase.length", |
2706 | 14 | FT_UINT16, BASE_DEC, NULL, 0x0, |
2707 | 14 | "Specifying the length of the reason phrase", HFILL } |
2708 | 14 | }, |
2709 | 14 | { &hf_gquic_frame_type_goaway_reason_phrase, |
2710 | 14 | { "Reason phrase", "gquic.frame_type.goaway.reason_phrase", |
2711 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
2712 | 14 | "An optional human-readable explanation for why the connection was closed", HFILL } |
2713 | 14 | }, |
2714 | 14 | { &hf_gquic_frame_type_wu_stream_id, |
2715 | 14 | { "Stream ID", "gquic.frame_type.wu.stream_id", |
2716 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
2717 | 14 | "ID of the stream whose flow control windows is begin updated, or 0 to specify the connection-level flow control window", HFILL } |
2718 | 14 | }, |
2719 | 14 | { &hf_gquic_frame_type_wu_byte_offset, |
2720 | 14 | { "Byte offset", "gquic.frame_type.wu.byte_offset", |
2721 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
2722 | 14 | "Indicating the absolute byte offset of data which can be sent on the given stream", HFILL } |
2723 | 14 | }, |
2724 | 14 | { &hf_gquic_frame_type_blocked_stream_id, |
2725 | 14 | { "Stream ID", "gquic.frame_type.blocked.stream_id", |
2726 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
2727 | 14 | "Indicating the stream which is flow control blocked", HFILL } |
2728 | 14 | }, |
2729 | 14 | { &hf_gquic_frame_type_sw_send_entropy, |
2730 | 14 | { "Send Entropy", "gquic.frame_type.sw.send_entropy", |
2731 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0, |
2732 | 14 | "Specifying the cumulative hash of entropy in all sent packets up to the packet with packet number one less than the least unacked packet", HFILL } |
2733 | 14 | }, |
2734 | 14 | { &hf_gquic_frame_type_sw_least_unacked_delta, |
2735 | 14 | { "Least unacked delta", "gquic.frame_type.sw.least_unacked_delta", |
2736 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
2737 | 14 | "A variable length packet number delta with the same length as the packet header's packet number", HFILL } |
2738 | 14 | }, |
2739 | 14 | { &hf_gquic_crypto_offset, |
2740 | 14 | { "Offset", "gquic.crypto.offset", |
2741 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
2742 | 14 | "Byte offset into the stream", HFILL } |
2743 | 14 | }, |
2744 | 14 | { &hf_gquic_crypto_length, |
2745 | 14 | { "Length", "gquic.crypto.length", |
2746 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
2747 | 14 | "Length of the Crypto Data field", HFILL } |
2748 | 14 | }, |
2749 | 14 | { &hf_gquic_crypto_crypto_data, |
2750 | 14 | { "Crypto Data", "gquic.crypto.crypto_data", |
2751 | 14 | FT_NONE, BASE_NONE, NULL, 0x0, |
2752 | 14 | "The cryptographic message data", HFILL } |
2753 | 14 | }, |
2754 | 14 | { &hf_gquic_frame_type_stream, |
2755 | 14 | { "Stream", "gquic.frame_type.stream", |
2756 | 14 | FT_BOOLEAN, 8, NULL, FTFLAGS_STREAM, |
2757 | 14 | NULL, HFILL } |
2758 | 14 | }, |
2759 | 14 | { &hf_gquic_frame_type_stream_f, |
2760 | 14 | { "FIN", "gquic.frame_type.stream.f", |
2761 | 14 | FT_BOOLEAN, 8, NULL, FTFLAGS_STREAM_F, |
2762 | 14 | NULL, HFILL } |
2763 | 14 | }, |
2764 | 14 | { &hf_gquic_frame_type_stream_d, |
2765 | 14 | { "Data Length", "gquic.frame_type.stream.d", |
2766 | 14 | FT_BOOLEAN, 8, TFS(&len_data_vals), FTFLAGS_STREAM_D, |
2767 | 14 | NULL, HFILL } |
2768 | 14 | }, |
2769 | 14 | { &hf_gquic_frame_type_stream_ooo, |
2770 | 14 | { "Offset Length", "gquic.frame_type.stream.ooo", |
2771 | 14 | FT_UINT8, BASE_DEC, VALS(len_offset_vals), FTFLAGS_STREAM_OOO, |
2772 | 14 | NULL, HFILL } |
2773 | 14 | }, |
2774 | 14 | { &hf_gquic_frame_type_stream_ss, |
2775 | 14 | { "Stream Length", "gquic.frame_type.stream.ss", |
2776 | 14 | FT_UINT8, BASE_DEC, VALS(len_stream_vals), FTFLAGS_STREAM_SS, |
2777 | 14 | NULL, HFILL } |
2778 | 14 | }, |
2779 | 14 | { &hf_gquic_frame_type_ack, |
2780 | 14 | { "ACK", "gquic.frame_type.ack", |
2781 | 14 | FT_BOOLEAN, 8, NULL, FTFLAGS_ACK, |
2782 | 14 | NULL, HFILL } |
2783 | 14 | }, |
2784 | 14 | { &hf_gquic_frame_type_ack_n, |
2785 | 14 | { "NACK", "gquic.frame_type.ack.n", |
2786 | 14 | FT_BOOLEAN, 8, NULL, FTFLAGS_ACK_N, |
2787 | 14 | NULL, HFILL } |
2788 | 14 | }, |
2789 | 14 | { &hf_gquic_frame_type_ack_u, |
2790 | 14 | { "Unused", "gquic.frame_type.ack.u", |
2791 | 14 | FT_BOOLEAN, 8, NULL, FTFLAGS_ACK_U, |
2792 | 14 | NULL, HFILL } |
2793 | 14 | }, |
2794 | 14 | { &hf_gquic_frame_type_ack_t, |
2795 | 14 | { "Truncated", "gquic.frame_type.ack.t", |
2796 | 14 | FT_BOOLEAN, 8, NULL, FTFLAGS_ACK_T, |
2797 | 14 | NULL, HFILL } |
2798 | 14 | }, |
2799 | 14 | { &hf_gquic_frame_type_ack_ll, |
2800 | 14 | { "Largest Observed Length", "gquic.frame_type.ack.ll", |
2801 | 14 | FT_UINT8, BASE_DEC, VALS(len_largest_observed_vals), FTFLAGS_ACK_LL, |
2802 | 14 | "Length of the Largest Observed field as 1, 2, 4, or 6 bytes long", HFILL } |
2803 | 14 | }, |
2804 | 14 | { &hf_gquic_frame_type_ack_mm, |
2805 | 14 | { "Missing Packet Length", "gquic.frame_type.ack.mm", |
2806 | 14 | FT_UINT8, BASE_DEC, VALS(len_missing_packet_vals), FTFLAGS_ACK_MM, |
2807 | 14 | "Length of the Missing Packet Number Delta field as 1, 2, 4, or 6 bytes long", HFILL } |
2808 | 14 | }, |
2809 | | /* ACK before Q034 */ |
2810 | 14 | { &hf_gquic_frame_type_ack_received_entropy, |
2811 | 14 | { "Received Entropy", "gquic.frame_type.ack.received_entropy", |
2812 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0, |
2813 | 14 | "Specifying the cumulative hash of entropy in all received packets up to the largest observed packet", HFILL } |
2814 | 14 | }, |
2815 | 14 | { &hf_gquic_frame_type_ack_largest_observed, |
2816 | 14 | { "Largest Observed", "gquic.frame_type.ack.largest_observed", |
2817 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
2818 | 14 | "Representing the largest packet number the peer has observed", HFILL } |
2819 | 14 | }, |
2820 | 14 | { &hf_gquic_frame_type_ack_ack_delay_time, |
2821 | 14 | { "Ack Delay time", "gquic.frame_type.ack.ack_delay_time", |
2822 | 14 | FT_UINT16, BASE_DEC, NULL, 0x0, |
2823 | 14 | "Specifying the time elapsed in microseconds from when largest observed was received until this Ack frame was sent", HFILL } |
2824 | 14 | }, |
2825 | 14 | { &hf_gquic_frame_type_ack_num_timestamp, |
2826 | 14 | { "Num Timestamp", "gquic.frame_type.ack.num_timestamp", |
2827 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0, |
2828 | 14 | "Specifying the number of TCP timestamps that are included in this frame", HFILL } |
2829 | 14 | }, |
2830 | 14 | { &hf_gquic_frame_type_ack_delta_largest_observed, |
2831 | 14 | { "Delta Largest Observed", "gquic.frame_type.ack.delta_largest_observed", |
2832 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0, |
2833 | 14 | "Specifying the packet number delta from the first timestamp to the largest observed", HFILL } |
2834 | 14 | }, |
2835 | 14 | { &hf_gquic_frame_type_ack_first_timestamp, |
2836 | 14 | { "First Timestamp", "gquic.frame_type.ack.first_timestamp", |
2837 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
2838 | 14 | "Specifying the time delta in microseconds, from the beginning of the connection of the arrival of the packet specified by Largest Observed minus Delta Largest Observed", HFILL } |
2839 | 14 | }, |
2840 | 14 | { &hf_gquic_frame_type_ack_time_since_previous_timestamp, |
2841 | 14 | { "Time since Previous timestamp", "gquic.frame_type.ack.time_since_previous_timestamp", |
2842 | 14 | FT_UINT16, BASE_DEC, NULL, 0x0, |
2843 | 14 | "This is the time delta from the previous timestamp", HFILL } |
2844 | 14 | }, |
2845 | 14 | { &hf_gquic_frame_type_ack_num_ranges, |
2846 | 14 | { "Num Ranges", "gquic.frame_type.ack.num_ranges", |
2847 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0, |
2848 | 14 | "Specifying the number of missing packet ranges between largest observed and least unacked", HFILL } |
2849 | 14 | }, |
2850 | 14 | { &hf_gquic_frame_type_ack_missing_packet, |
2851 | 14 | { "Missing Packet Number Delta", "gquic.frame_type.ack.missing_packet", |
2852 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
2853 | 14 | NULL, HFILL } |
2854 | 14 | }, |
2855 | 14 | { &hf_gquic_frame_type_ack_range_length, |
2856 | 14 | { "Range Length", "gquic.frame_type.ack.range_length", |
2857 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0, |
2858 | 14 | "Specifying one less than the number of sequential nacks in the range", HFILL } |
2859 | 14 | }, |
2860 | 14 | { &hf_gquic_frame_type_ack_num_revived, |
2861 | 14 | { "Num Revived", "gquic.frame_type.ack.num_revived", |
2862 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0, |
2863 | 14 | "Specifying the number of revived packets, recovered via FEC", HFILL } |
2864 | 14 | }, |
2865 | 14 | { &hf_gquic_frame_type_ack_revived_packet, |
2866 | 14 | { "Revived Packet Number", "gquic.frame_type.ack.revived_packet", |
2867 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
2868 | 14 | "Representing a packet the peer has revived via FEC", HFILL } |
2869 | 14 | }, |
2870 | | /* ACK after Q034 */ |
2871 | 14 | { &hf_gquic_frame_type_ack_largest_acked, |
2872 | 14 | { "Largest Acked", "gquic.frame_type.ack.largest_acked", |
2873 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
2874 | 14 | "Representing the largest packet number the peer has observed", HFILL } |
2875 | 14 | }, |
2876 | 14 | { &hf_gquic_frame_type_ack_largest_acked_delta_time, |
2877 | 14 | { "Largest Acked Delta Time", "gquic.frame_type.ack.largest_acked_delta_time", |
2878 | 14 | FT_UINT16, BASE_DEC, NULL, 0x0, |
2879 | 14 | "Specifying the time elapsed in microseconds from when largest acked was received until this Ack frame was sent", HFILL } |
2880 | 14 | }, |
2881 | 14 | { &hf_gquic_frame_type_ack_num_blocks, |
2882 | 14 | { "Num blocks", "gquic.frame_type.ack.num_blocks", |
2883 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0, |
2884 | 14 | "Specifying one less than the number of ack blocks", HFILL } |
2885 | 14 | }, |
2886 | 14 | { &hf_gquic_frame_type_ack_first_ack_block_length, |
2887 | 14 | { "First Ack block length", "gquic.frame_type.ack.first_ack_block_length", |
2888 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
2889 | 14 | NULL, HFILL } |
2890 | 14 | }, |
2891 | 14 | { &hf_gquic_frame_type_ack_gap_to_next_block, |
2892 | 14 | { "Gap to next block", "gquic.frame_type.ack.gap_to_next_block", |
2893 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0, |
2894 | 14 | "Specifying the number of packets between ack blocks", HFILL } |
2895 | 14 | }, |
2896 | 14 | { &hf_gquic_frame_type_ack_ack_block_length, |
2897 | 14 | { "Ack block length", "gquic.frame_type.ack.ack_block_length", |
2898 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
2899 | 14 | NULL, HFILL } |
2900 | 14 | }, |
2901 | 14 | { &hf_gquic_frame_type_ack_delta_largest_acked, |
2902 | 14 | { "Delta Largest Observed", "gquic.frame_type.ack.delta_largest_acked", |
2903 | 14 | FT_UINT8, BASE_DEC, NULL, 0x0, |
2904 | 14 | "Specifying the packet number delta from the first timestamp to the largest observed", HFILL } |
2905 | 14 | }, |
2906 | 14 | { &hf_gquic_frame_type_ack_time_since_largest_acked, |
2907 | 14 | { "Time Since Largest Acked", "gquic.frame_type.ack.time_since_largest_acked", |
2908 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
2909 | 14 | "Specifying the time delta in microseconds, from the beginning of the connection of the arrival of the packet specified by Largest Observed minus Delta Largest Observed", HFILL } |
2910 | 14 | }, |
2911 | | |
2912 | | |
2913 | | |
2914 | 14 | { &hf_gquic_stream_id, |
2915 | 14 | { "Stream ID", "gquic.stream_id", |
2916 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
2917 | 14 | NULL, HFILL } |
2918 | 14 | }, |
2919 | 14 | { &hf_gquic_offset, |
2920 | 14 | { "Offset", "gquic.offset", |
2921 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
2922 | 14 | NULL, HFILL } |
2923 | 14 | }, |
2924 | 14 | { &hf_gquic_data_len, |
2925 | 14 | { "Data Length", "gquic.data_len", |
2926 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
2927 | 14 | NULL, HFILL } |
2928 | 14 | }, |
2929 | 14 | { &hf_gquic_tag, |
2930 | 14 | { "Tag", "gquic.tag", |
2931 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
2932 | 14 | NULL, HFILL } |
2933 | 14 | }, |
2934 | 14 | { &hf_gquic_tag_number, |
2935 | 14 | { "Tag Number", "gquic.tag_number", |
2936 | 14 | FT_UINT16, BASE_DEC, NULL, 0x0, |
2937 | 14 | NULL, HFILL } |
2938 | 14 | }, |
2939 | 14 | { &hf_gquic_tags, |
2940 | 14 | { "Tag/value", "gquic.tags", |
2941 | 14 | FT_NONE, BASE_NONE, NULL, 0x0, |
2942 | 14 | NULL, HFILL } |
2943 | 14 | }, |
2944 | 14 | { &hf_gquic_tag_type, |
2945 | 14 | { "Tag Type", "gquic.tag_type", |
2946 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
2947 | 14 | NULL, HFILL } |
2948 | 14 | }, |
2949 | 14 | { &hf_gquic_tag_offset_end, |
2950 | 14 | { "Tag offset end", "gquic.tag_offset_end", |
2951 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
2952 | 14 | NULL, HFILL } |
2953 | 14 | }, |
2954 | 14 | { &hf_gquic_tag_length, |
2955 | 14 | { "Tag length", "gquic.tag_offset_length", |
2956 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
2957 | 14 | NULL, HFILL } |
2958 | 14 | }, |
2959 | 14 | { &hf_gquic_tag_value, |
2960 | 14 | { "Tag/value", "gquic.tag_value", |
2961 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
2962 | 14 | NULL, HFILL } |
2963 | 14 | }, |
2964 | 14 | { &hf_gquic_tag_sni, |
2965 | 14 | { "Server Name Indication", "gquic.tag.sni", |
2966 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
2967 | 14 | "The fully qualified DNS name of the server, canonicalised to lowercase with no trailing period", HFILL } |
2968 | 14 | }, |
2969 | 14 | { &hf_gquic_tag_pad, |
2970 | 14 | { "Padding", "gquic.tag.pad", |
2971 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
2972 | 14 | "Pad.....", HFILL } |
2973 | 14 | }, |
2974 | 14 | { &hf_gquic_tag_ver, |
2975 | 14 | { "Version", "gquic.tag.version", |
2976 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
2977 | 14 | "Version of gquic supported", HFILL } |
2978 | 14 | }, |
2979 | 14 | { &hf_gquic_tag_pdmd, |
2980 | 14 | { "Proof demand", "gquic.tag.pdmd", |
2981 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
2982 | 14 | "a list of tags describing the types of proof acceptable to the client, in preference order", HFILL } |
2983 | 14 | }, |
2984 | 14 | { &hf_gquic_tag_ccs, |
2985 | 14 | { "Common certificate sets", "gquic.tag.ccs", |
2986 | 14 | FT_UINT64, BASE_HEX, NULL, 0x0, |
2987 | 14 | "A series of 64-bit, FNV-1a hashes of sets of common certificates that the client possesses", HFILL } |
2988 | 14 | }, |
2989 | 14 | { &hf_gquic_tag_uaid, |
2990 | 14 | { "Client's User Agent ID", "gquic.tag.uaid", |
2991 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
2992 | 14 | NULL, HFILL } |
2993 | 14 | }, |
2994 | 14 | { &hf_gquic_tag_stk, |
2995 | 14 | { "Source-address token", "gquic.tag.stk", |
2996 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
2997 | 14 | NULL, HFILL } |
2998 | 14 | }, |
2999 | 14 | { &hf_gquic_tag_sno, |
3000 | 14 | { "Server nonce", "gquic.tag.sno", |
3001 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3002 | 14 | NULL, HFILL } |
3003 | 14 | }, |
3004 | 14 | { &hf_gquic_tag_prof, |
3005 | 14 | { "Proof (Signature)", "gquic.tag.prof", |
3006 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3007 | 14 | NULL, HFILL } |
3008 | 14 | }, |
3009 | 14 | { &hf_gquic_tag_scfg, |
3010 | 14 | { "Server Config Tag", "gquic.tag.scfg", |
3011 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
3012 | 14 | NULL, HFILL } |
3013 | 14 | }, |
3014 | 14 | { &hf_gquic_tag_scfg_number, |
3015 | 14 | { "Number Server Config Tag", "gquic.tag.scfg.number", |
3016 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
3017 | 14 | NULL, HFILL } |
3018 | 14 | }, |
3019 | 14 | { &hf_gquic_tag_rrej, |
3020 | 14 | { "Reasons for server sending", "gquic.tag.rrej", |
3021 | 14 | FT_UINT32, BASE_DEC|BASE_EXT_STRING, &handshake_failure_reason_vals_ext, 0x0, |
3022 | 14 | NULL, HFILL } |
3023 | 14 | }, |
3024 | 14 | { &hf_gquic_tag_crt, |
3025 | 14 | { "Certificate chain", "gquic.tag.crt", |
3026 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3027 | 14 | NULL, HFILL } |
3028 | 14 | }, |
3029 | 14 | { &hf_gquic_tag_aead, |
3030 | 14 | { "Authenticated encryption algorithms", "gquic.tag.aead", |
3031 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
3032 | 14 | "A list of tags, in preference order, specifying the AEAD primitives supported by the server", HFILL } |
3033 | 14 | }, |
3034 | 14 | { &hf_gquic_tag_scid, |
3035 | 14 | { "Server Config ID", "gquic.tag.scid", |
3036 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3037 | 14 | "An opaque, 16-byte identifier for this server config", HFILL } |
3038 | 14 | }, |
3039 | 14 | { &hf_gquic_tag_pubs, |
3040 | 14 | { "Public value", "gquic.tag.pubs", |
3041 | 14 | FT_UINT24, BASE_DEC_HEX, NULL, 0x0, |
3042 | 14 | "A list of public values, 24-bit, little-endian length prefixed", HFILL } |
3043 | 14 | }, |
3044 | 14 | { &hf_gquic_tag_kexs, |
3045 | 14 | { "Key exchange algorithms", "gquic.tag.kexs", |
3046 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
3047 | 14 | "A list of tags, in preference order, specifying the key exchange algorithms that the server supports", HFILL } |
3048 | 14 | }, |
3049 | 14 | { &hf_gquic_tag_obit, |
3050 | 14 | { "Server orbit", "gquic.tag.obit", |
3051 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3052 | 14 | NULL, HFILL } |
3053 | 14 | }, |
3054 | 14 | { &hf_gquic_tag_expy, |
3055 | 14 | { "Expiry", "gquic.tag.expy", |
3056 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
3057 | 14 | "a 64-bit expiry time for the server config in UNIX epoch seconds", HFILL } |
3058 | 14 | }, |
3059 | 14 | { &hf_gquic_tag_nonc, |
3060 | 14 | { "Client nonce", "gquic.tag.nonc", |
3061 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3062 | 14 | "32 bytes consisting of 4 bytes of timestamp (big-endian, UNIX epoch seconds), 8 bytes of server orbit and 20 bytes of random data", HFILL } |
3063 | 14 | }, |
3064 | 14 | { &hf_gquic_tag_mspc, |
3065 | 14 | { "Max streams per connection", "gquic.tag.mspc", |
3066 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
3067 | 14 | NULL, HFILL } |
3068 | 14 | }, |
3069 | 14 | { &hf_gquic_tag_tcid, |
3070 | 14 | { "Connection ID truncation", "gquic.tag.tcid", |
3071 | 14 | FT_UINT32, BASE_DEC_HEX, NULL, 0x0, |
3072 | 14 | NULL, HFILL } |
3073 | 14 | }, |
3074 | 14 | { &hf_gquic_tag_srbf, |
3075 | 14 | { "Socket receive buffer", "gquic.tag.srbf", |
3076 | 14 | FT_UINT32, BASE_DEC_HEX, NULL, 0x0, |
3077 | 14 | NULL, HFILL } |
3078 | 14 | }, |
3079 | 14 | { &hf_gquic_tag_icsl, |
3080 | 14 | { "Idle connection state", "gquic.tag.icsl", |
3081 | 14 | FT_UINT32, BASE_DEC_HEX, NULL, 0x0, |
3082 | 14 | NULL, HFILL } |
3083 | 14 | }, |
3084 | 14 | { &hf_gquic_tag_scls, |
3085 | 14 | { "Silently close on timeout", "gquic.tag.scls", |
3086 | 14 | FT_UINT32, BASE_DEC_HEX, NULL, 0x0, |
3087 | 14 | NULL, HFILL } |
3088 | 14 | }, |
3089 | 14 | { &hf_gquic_tag_copt, |
3090 | 14 | { "Connection options", "gquic.tag.copt", |
3091 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
3092 | 14 | NULL, HFILL } |
3093 | 14 | }, |
3094 | 14 | { &hf_gquic_tag_ccrt, |
3095 | 14 | { "Cached certificates", "gquic.tag.ccrt", |
3096 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3097 | 14 | NULL, HFILL } |
3098 | 14 | }, |
3099 | 14 | { &hf_gquic_tag_irtt, |
3100 | 14 | { "Estimated initial RTT", "gquic.tag.irtt", |
3101 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
3102 | 14 | "in us", HFILL } |
3103 | 14 | }, |
3104 | 14 | { &hf_gquic_tag_cfcw, |
3105 | 14 | { "Initial session/connection", "gquic.tag.cfcw", |
3106 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
3107 | 14 | NULL, HFILL } |
3108 | 14 | }, |
3109 | 14 | { &hf_gquic_tag_sfcw, |
3110 | 14 | { "Initial stream flow control", "gquic.tag.sfcw", |
3111 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
3112 | 14 | NULL, HFILL } |
3113 | 14 | }, |
3114 | 14 | { &hf_gquic_tag_cetv, |
3115 | 14 | { "Client encrypted tag-value", "gquic.tag.cetv", |
3116 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3117 | 14 | NULL, HFILL } |
3118 | 14 | }, |
3119 | 14 | { &hf_gquic_tag_xlct, |
3120 | 14 | { "Expected leaf certificate", "gquic.tag.xlct", |
3121 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3122 | 14 | NULL, HFILL } |
3123 | 14 | }, |
3124 | 14 | { &hf_gquic_tag_nonp, |
3125 | 14 | { "Client Proof nonce", "gquic.tag.nonp", |
3126 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3127 | 14 | NULL, HFILL } |
3128 | 14 | }, |
3129 | 14 | { &hf_gquic_tag_csct, |
3130 | 14 | { "Signed cert timestamp", "gquic.tag.csct", |
3131 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3132 | 14 | NULL, HFILL } |
3133 | 14 | }, |
3134 | 14 | { &hf_gquic_tag_ctim, |
3135 | 14 | { "Client Timestamp", "gquic.tag.ctim", |
3136 | 14 | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0, |
3137 | 14 | NULL, HFILL } |
3138 | 14 | }, |
3139 | 14 | { &hf_gquic_tag_rnon, |
3140 | 14 | { "Public reset nonce proof", "gquic.tag.rnon", |
3141 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
3142 | 14 | NULL, HFILL } |
3143 | 14 | }, |
3144 | 14 | { &hf_gquic_tag_rseq, |
3145 | 14 | { "Rejected Packet Number", "gquic.tag.rseq", |
3146 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
3147 | 14 | "a 64-bit packet number", HFILL } |
3148 | 14 | }, |
3149 | 14 | { &hf_gquic_tag_cadr_addr_type, |
3150 | 14 | { "Client IP Address Type", "gquic.tag.caddr.addr.type", |
3151 | 14 | FT_UINT16, BASE_DEC, VALS(cadr_type_vals), 0x0, |
3152 | 14 | NULL, HFILL } |
3153 | 14 | }, |
3154 | 14 | { &hf_gquic_tag_cadr_addr_ipv4, |
3155 | 14 | { "Client IP Address", "gquic.tag.caddr.addr.ipv4", |
3156 | 14 | FT_IPv4, BASE_NONE, NULL, 0x0, |
3157 | 14 | NULL, HFILL } |
3158 | 14 | }, |
3159 | 14 | { &hf_gquic_tag_cadr_addr_ipv6, |
3160 | 14 | { "Client IP Address", "gquic.tag.caddr.addr.ipv6", |
3161 | 14 | FT_IPv6, BASE_NONE, NULL, 0x0, |
3162 | 14 | NULL, HFILL } |
3163 | 14 | }, |
3164 | 14 | { &hf_gquic_tag_cadr_addr, |
3165 | 14 | { "Client IP Address", "gquic.tag.caddr.addr", |
3166 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3167 | 14 | NULL, HFILL } |
3168 | 14 | }, |
3169 | 14 | { &hf_gquic_tag_cadr_port, |
3170 | 14 | { "Client Port (Source)", "gquic.tag.caddr.port", |
3171 | 14 | FT_UINT16, BASE_DEC, NULL, 0x0, |
3172 | 14 | NULL, HFILL } |
3173 | 14 | }, |
3174 | 14 | { &hf_gquic_tag_mids, |
3175 | 14 | { "Max incoming dynamic streams", "gquic.tag.mids", |
3176 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
3177 | 14 | NULL, HFILL } |
3178 | 14 | }, |
3179 | 14 | { &hf_gquic_tag_fhol, |
3180 | 14 | { "Force Head Of Line blocking", "gquic.tag.fhol", |
3181 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
3182 | 14 | NULL, HFILL } |
3183 | 14 | }, |
3184 | 14 | { &hf_gquic_tag_sttl, |
3185 | 14 | { "Server Config TTL", "gquic.tag.sttl", |
3186 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
3187 | 14 | NULL, HFILL } |
3188 | 14 | }, |
3189 | 14 | { &hf_gquic_tag_smhl, |
3190 | 14 | { "Support Max Header List (size)", "gquic.tag.smhl", |
3191 | 14 | FT_UINT64, BASE_DEC, NULL, 0x0, |
3192 | 14 | NULL, HFILL } |
3193 | 14 | }, |
3194 | 14 | { &hf_gquic_tag_tbkp, |
3195 | 14 | { "Token Binding Key Params.", "gquic.tag.tbkp", |
3196 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
3197 | 14 | NULL, HFILL } |
3198 | 14 | }, |
3199 | 14 | { &hf_gquic_tag_mad0, |
3200 | 14 | { "Max Ack Delay", "gquic.tag.mad0", |
3201 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
3202 | 14 | NULL, HFILL } |
3203 | 14 | }, |
3204 | 14 | { &hf_gquic_tag_qlve, |
3205 | 14 | { "Legacy Version Encapsulation", "gquic.tag.qlve", |
3206 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3207 | 14 | NULL, HFILL } |
3208 | 14 | }, |
3209 | 14 | { &hf_gquic_tag_cgst, |
3210 | 14 | { "Congestion Control Feedback Type", "gquic.tag.cgst", |
3211 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3212 | 14 | NULL, HFILL } |
3213 | 14 | }, |
3214 | 14 | { &hf_gquic_tag_epid, |
3215 | 14 | { "Endpoint identifier", "gquic.tag.epid", |
3216 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
3217 | 14 | NULL, HFILL } |
3218 | 14 | }, |
3219 | 14 | { &hf_gquic_tag_srst, |
3220 | 14 | { "Stateless Reset Token", "gquic.tag.srst", |
3221 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3222 | 14 | NULL, HFILL } |
3223 | 14 | }, |
3224 | | |
3225 | 14 | { &hf_gquic_tag_unknown, |
3226 | 14 | { "Unknown tag", "gquic.tag.unknown", |
3227 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3228 | 14 | NULL, HFILL } |
3229 | 14 | }, |
3230 | 14 | { &hf_gquic_padding, |
3231 | 14 | { "Padding", "gquic.padding", |
3232 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3233 | 14 | NULL, HFILL } |
3234 | 14 | }, |
3235 | 14 | { &hf_gquic_stream_data, |
3236 | 14 | { "Stream Data", "gquic.stream_data", |
3237 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3238 | 14 | NULL, HFILL } |
3239 | 14 | }, |
3240 | 14 | { &hf_gquic_payload, |
3241 | 14 | { "Payload", "gquic.payload", |
3242 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
3243 | 14 | "(Google) QUIC Payload..", HFILL } |
3244 | 14 | }, |
3245 | 14 | }; |
3246 | | |
3247 | | |
3248 | 14 | static int *ett[] = { |
3249 | 14 | &ett_gquic, |
3250 | 14 | &ett_gquic_puflags, |
3251 | 14 | &ett_gquic_prflags, |
3252 | 14 | &ett_gquic_ft, |
3253 | 14 | &ett_gquic_ftflags, |
3254 | 14 | &ett_gquic_tag_value |
3255 | 14 | }; |
3256 | | |
3257 | 14 | static ei_register_info ei[] = { |
3258 | 14 | { &ei_gquic_tag_undecoded, { "gquic.tag.undecoded", PI_UNDECODED, PI_NOTE, "Dissector for (Google)QUIC Tag code not implemented, Contact Wireshark developers if you want this supported", EXPFILL }}, |
3259 | 14 | { &ei_gquic_tag_length, { "gquic.tag.length.truncated", PI_MALFORMED, PI_NOTE, "Truncated Tag Length...", EXPFILL }}, |
3260 | 14 | { &ei_gquic_tag_unknown, { "gquic.tag.unknown.data", PI_UNDECODED, PI_NOTE, "Unknown Data", EXPFILL }}, |
3261 | 14 | { &ei_gquic_version_invalid, { "gquic.version.invalid", PI_MALFORMED, PI_ERROR, "Invalid Version", EXPFILL }}, |
3262 | 14 | { &ei_gquic_invalid_parameter, { "gquic.invalid.parameter", PI_MALFORMED, PI_ERROR, "Invalid Parameter", EXPFILL }}, |
3263 | 14 | { &ei_gquic_length_invalid, { "gquic.length.invalid", PI_PROTOCOL, PI_WARN, "Invalid Length", EXPFILL }}, |
3264 | 14 | { &ei_gquic_data_invalid, { "gquic.data.invalid", PI_PROTOCOL, PI_WARN, "Invalid Data", EXPFILL }}, |
3265 | 14 | }; |
3266 | | |
3267 | 14 | expert_module_t *expert_gquic; |
3268 | | |
3269 | 14 | proto_gquic = proto_register_protocol("GQUIC (Google Quick UDP Internet Connections)", "GQUIC", "gquic"); |
3270 | | |
3271 | 14 | proto_register_field_array(proto_gquic, hf, array_length(hf)); |
3272 | 14 | proto_register_subtree_array(ett, array_length(ett)); |
3273 | | |
3274 | 14 | gquic_module = prefs_register_protocol(proto_gquic, NULL); |
3275 | | |
3276 | 14 | prefs_register_bool_preference(gquic_module, "debug.quic", |
3277 | 14 | "Force decode of all (Google) QUIC Payload", |
3278 | 14 | "Help for debug...", |
3279 | 14 | &g_gquic_debug); |
3280 | | |
3281 | 14 | expert_gquic = expert_register_protocol(proto_gquic); |
3282 | 14 | expert_register_field_array(expert_gquic, ei, array_length(ei)); |
3283 | | |
3284 | 14 | gquic_handle = register_dissector("gquic", dissect_gquic, proto_gquic); |
3285 | 14 | } |
3286 | | |
3287 | | void |
3288 | | proto_reg_handoff_gquic(void) |
3289 | 14 | { |
3290 | 14 | tls13_handshake_handle = find_dissector("tls13-handshake"); |
3291 | 14 | quic_handle = find_dissector("quic"); |
3292 | 14 | dissector_add_uint_range_with_preference("udp.port", "", gquic_handle); |
3293 | 14 | heur_dissector_add("udp", dissect_gquic_heur, "Google QUIC", "gquic", proto_gquic, HEURISTIC_ENABLE); |
3294 | 14 | } |
3295 | | |
3296 | | |
3297 | | /* |
3298 | | * Editor modelines - https://www.wireshark.org/tools/modelines.html |
3299 | | * |
3300 | | * Local variables: |
3301 | | * c-basic-offset: 4 |
3302 | | * tab-width: 8 |
3303 | | * indent-tabs-mode: nil |
3304 | | * End: |
3305 | | * |
3306 | | * vi: set shiftwidth=4 tabstop=8 expandtab: |
3307 | | * :indentSize=4:tabSize=8:noTabs=true: |
3308 | | */ |